Get current (and observed max?) Active Connections?

  • I am currently using a Dell server to run pfSense (v2.3) and considering buying an "official/specific" server for pfSense (2 actually: for CARP redundancy).

    Is there a way to know the "Active Connections" count of my current setup (and any other useful "limiting" metric)? By knowing this I could determine which server I need.


  • LAYER 8 Netgate

    Status > Monitoring click the wrench, Left Axis: System, States. Update graph.

    Change the duration of the graph and look at the highest resolution available to get the most accurate picture.

    You can also look at CPU utilization, Memory, etc. there.

    A good view of current conditions is Status > Dashboard. For connections look at the state table size. But for system sizing I think the historical graphs are more valuable.

    My guess is you won't be close to the capabilities of the SG-2220 and the real decision is how many physical interfaces you need. For HA/CARP I would set the minimum unit at an SG-2440. WAN, LAN, SYNC, and an available OPT.

  • Thanks, I guess the "states" counter grows with connections :)

    On "Status" > "Monitoring", the "Data Summary" part shows, for "filter states":
    max = 12852.89
    average = 4136.85
    (but it does not seem to always update according to the time period and resolution setting: I have to try multiple times)

    On "Status" > "Dashboard", the "System information" says:
    State table size: 3855/393000
    MBUF Usage: 2030/26584

    I'll check these metrics on Monday rush ;)

  • LAYER 8 Netgate

    Those graphs were new in 2.3. 2.3.2 is recommended.

  • I am running v2.3.2 (I had omitted the patch part ;)).

  • FWIW, the max # of states is governed by how much RAM you have installed. Quick and dirty rule is about 100,000 states per GB of RAM as the default state table size on pfSense. Source: "Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available."

    IMO, the state table size is probably the least of your worries when choosing hardware, since RAM is cheap. Hope this helps.
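
The same headroom check can be read from pf's own counters at a shell prompt. This is an added example, not part of any post in the thread: it assumes the `pfctl -si` and `pfctl -sm` output layout shown in the constructed samples, the roughly 1 KB per state figure quoted above, and a hypothetical 80% warning threshold.

```shell
#!/bin/sh
# Added example: state-table headroom from pf counters.
# The two samples are constructed, shaped like `pfctl -si` and `pfctl -sm` output.
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     3855
  searches                        91823411         1204.3/s
  inserts                           512004            6.7/s
  removals                          508149            6.6/s'

SAMPLE_LIMITS='states        hard limit   393000
src-nodes     hard limit   393000
frags         hard limit     5000
table-entries hard limit   200000'

# Reads `pfctl -si` text on stdin, prints the current number of states.
current_states() {
    awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Reads `pfctl -sm` text on stdin, prints the configured state hard limit.
state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# headroom STATES LIMIT [WARN_PCT] -> "percent_used est_ram_mb status"
# RAM estimate uses ~1 KB per state (assumption taken from the quoted text).
headroom() {
    awk -v c="$1" -v l="$2" -v w="${3:-80}" 'BEGIN {
        if (l + 0 <= 0) { print "0 0 UNKNOWN"; exit }
        pct = int(c * 100 / l)
        mb  = int((c + 1023) / 1024)
        print pct, mb, (pct >= w ? "WARN" : "OK")
    }'
}

# report INFO_TEXT LIMITS_TEXT -> one summary line, non-zero exit on parse failure.
report() {
    cur=$(printf '%s\n' "$1" | current_states)
    lim=$(printf '%s\n' "$2" | state_limit)
    [ -n "$cur" ] && [ -n "$lim" ] || { echo "parse error" >&2; return 1; }
    set -- $(headroom "$cur" "$lim")
    echo "states=$cur limit=$lim used=$1% est_ram=${2}MB status=$3"
}

# On the firewall itself: report "$(pfctl -si)" "$(pfctl -sm)"
report "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```

For sizing, feed `headroom` the observed peak from the monitoring graph rather than the instantaneous count, since a state table that fills up stops accepting new connections.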