Sessions and States: one and the same?



  • Hey team,

    I am sure this is a newbie question but I wanted to be sure!

    States and Sessions

    Are they one and the same?

    One of our admins here always refers to states and monitors States on his firewalls; other vendors usually refer to Sessions and how many sessions a box can handle. I seem to hear the terms used to refer to the same thing: how many connections are active on a firewall at a given time.


  • Rebel Alliance Developer Netgate

    Similar but perhaps not identical.

    Each "session", taken to mean one established connection to or through the firewall, has at least one state but usually two: One state as it enters the firewall, one as it leaves the firewall.

    If you are communicating to the firewall directly, there may just be one state.
    If you are talking through the firewall (e.g. accessing a web site or accessing a forwarded port) there will be two states.

    So, roughly speaking, states/2 = sessions. If your system can handle 200,000 states that would be approximately 100,000 "sessions".
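
The pairing described in the reply above, as an added example that is not part of the original thread: it groups state-table lines into sessions to show why states/2 is only an approximation. The sample lines are constructed and assume the `pfctl -ss` layout (interface, protocol, endpoints, state); the interface names and addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on `pfctl -ss` output (assumed layout:
# interface, protocol, endpoints with <- inbound / -> outbound, state).
# Two forwarded sessions (LAN state + NATed WAN state) and one SSH
# connection to the firewall itself (a single state).
SAMPLE = """\
igb1 tcp 198.51.100.20:443 <- 192.168.1.10:51234       ESTABLISHED:ESTABLISHED
igb0 tcp 203.0.113.5:40112 (192.168.1.10:51234) -> 198.51.100.20:443       ESTABLISHED:ESTABLISHED
igb1 udp 198.51.100.53:53 <- 192.168.1.11:40000       MULTIPLE:SINGLE
igb0 udp 203.0.113.5:61000 (192.168.1.11:40000) -> 198.51.100.53:53       SINGLE:MULTIPLE
igb1 tcp 192.168.1.1:22 <- 192.168.1.50:50022       ESTABLISHED:ESTABLISHED
"""

LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<orig>\S+)\))?\s+(?P<dir><-|->)\s+(?P<right>\S+)\s+(?P<state>\S+)$"
)

def group_sessions(text):
    """Group state lines by (protocol, original source, destination)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        if m["dir"] == "<-":
            # Inbound state: destination is printed first, source last.
            src, dst = m["right"], m["left"]
        else:
            # Outbound state: prefer the pre-NAT source in parentheses.
            src, dst = m["orig"] or m["left"], m["right"]
        sessions[(m["proto"], src, dst)].append(m["iface"])
    return dict(sessions)

def summarize(text):
    """Compare the real session count with the states/2 rule of thumb."""
    sessions = group_sessions(text)
    states = sum(len(ifaces) for ifaces in sessions.values())
    return {"states": states, "sessions": len(sessions), "states_div_2": states / 2}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a box where most traffic is forwarded, the two figures converge; connections terminating on the firewall itself are what pull the real session count above states/2.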



  • Appreciate the clarification on that, it helps a lot. The connections are all going through the firewall to an internal app server, with an average of 28k States, so roughly 14k sessions.

    This is another FW we run, not from pfSense.

    Is there a way to see the sessions in pfSense? I think pfSense used to support pfstatd but no longer does...

    pfstat used to be part of the pfSense packages, but it looks like it was taken out at some point back in 2006.

    http://www.pfsense.com/packages/config/pfstat.xml



  • @SysIT:

    Is there a way to see the sessions in pfSense? I think pfSense used to support pfstatd but no longer does...

    pfstat used to be part of the pfSense packages, but it looks like it was taken out at some point back in 2006.

    http://www.pfsense.com/packages/config/pfstat.xml

    --Image removed--

    Sure.

    Log in to pfSense and head over to:
    Status -> RRD Graphs
    Under System tab -> Graphs -> Select "States"

    That gives you the number of States over time for the box.
    To see active connections, head over to Diagnostics -> States.  You can drop connections from there as well.

    Edit:  By the way, is that graph from an SRX?



  • Do you know if you can poll that data from an external source such as PRTG or other SNMP monitoring systems?



  • @SysIT:

    Do you know if you can poll that data from an external source such as PRTG or other SNMP monitoring systems?

    IIRC, yes, you can use softflowd with PRTG.

    For installing softflowd, see:
    https://doc.pfsense.org/index.php/Exporting_NetFlow_with_softflowd


  • Rebel Alliance Developer Netgate

    You can poll the state table and other variables from SNMP (Services > SNMP, enable the PF module) – MIB for the pf items is here:
    http://files.nyi.pfsense.org/jimp/mibs/BEGEMOT-PF-MIB.txt



  • This just keeps getting better and better!

    Appreciated again. I'm redoing all of my monitoring systems and this will become my primary FW for a month or 2, so I need to see the kind of connections we are putting through it. The box is total overkill, but still, nice to see what is going on!

