Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Get current (and observed max?) Active Connections ?

    Scheduled Pinned Locked Moved Hardware
    6 Posts 3 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CDuv
      last edited by

      I am currently using a Dell server to run pfSense (v2.3) and considering buying an "official/specific" server for pfSense (2 actually: for CARP redundancy).

      Is there a way to know the "Active Connections" count of my current setup (and any other useful "limitating" metric)? By knowing this I could determine which server I need.

      Thanks

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Status > Monitoring click the wrench, Left Axis: System, States. Update graph.

        Change the duration of the graph and look at the highest resolution available to get the most accurate picture.

        You can also look at CPU utilization, Memory, etc there.

        A good view of current conditions is Status > Dashboard. For connections look at the state table size. But for system sizing I think the historical graphs are more valuable.

        My guess is you won't be close to the capabilities of the SG-2220 and the real decision is how many physical interfaces you need. For HA/CARP I would set the minimum unit at an SG-2440. WAN, LAN, SYNC, and an available OPT.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • C
          CDuv
          last edited by

          Thanks, I guess the "states" counter grows with connections :)

          On "Status" > "Monitoring", the "Data Summary" part shows, for "filter states":
          max = 12852.89
          average = 4136.85
          (but it does not seems to always update according to time period and resolution setting: have to try multiple times)

          On "Status" > "Dashboard", the "System information" says:
          State table size: 3855/393000
          MBUF Usage: 2030/26584

          I'll check theses metrics on monday rush ;)

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Those graphs were new in 2.3. 2.3.2 is recommended.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • C
              CDuv
              last edited by

              I am running v2.3.2 (I had omitted the patch part ;)).

              1 Reply Last reply Reply Quote 0
              • W
                whosmatt
                last edited by

                FWIW, the max # of states is governed by how much RAM you have installed.  Quick and dirty rule is about 100,000 states per GB of RAM as the default state table size on pfsense.  Source:  https://www.pfsense.org/hardware/  "Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available."

                IMO, the state table size is probably the least of your worries when choosing hardware, since RAM is cheap.  Hope this helps.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.