The Advanced Secure Gateway (ASG) operates based on Licensed User Count and HTTP connection count. When the Concurrent User Count reaches the Licensed User Count limit, the ASG would either bypass or queue subsequent user's connection. This is configurable and the default is queue:
MY_ASG#(config general)user-overflow-action ?
bypass Bypass the proxy when user limit is reached
queue Queue users when user limit is reached
The User Count (measured based on unique client IP) can be obtained from the GUI or an advanced URL
1) GUI: Management Console > Proxy > Statistics > System > Resources > Concurrent Users
2) Advanced URL: https://<SG-IP>:8082/TCP/Users
The advanced URL contains comprehensive information and details for each client connection
User overflow action
Maximum number of concurrent users allowed <-------- Licensed User Count
Number of concurrent users
High watermark for concurrent users
Number of users in queue
High watermark for users in queue
Number of queued users activated
User high watermark for PDM
Number of proxy users time-out in queue
Number of ADN users time-out in queue
Number of allocations for queued users
Number of queued connections
Number of queued explicit connections
Apart from the Licensed User Count, the ASG also operates based on HTTP Client Connection, which is typically: Licensed User Count * 5. An ASG with 1000 Licensed User Count for example would therefore support 5000 HTTP Client Connection.
HTTP Client Connection information can be obtained from the advanced URL https://<SG-IP>:8082/HTTP/Statistics and the two stats of interest would be:
HTTP_MAIN_0090 Maximum acceptable concurrent client connections
HTTP_MAIN_0091 Currently established client connections
Subsequent client connection to the ASG would be queued if the "Currently established client connections" has reached the "Maximum acceptable concurrent client connections". Summary of the client connections can be obtained from the advanced URL: https://<SG-IP>:8082/TCP/Users in the "Active User List" section. This section provides a summary for each client IP address and would be very useful to isolate 'suspicious' clients that utilize abnormally large number of connections
Details of each connection (Client IP and Port, Server IP and Port and Connection State) can be accessed from the advanced URL: https://<SG-IP>:8082/TCP/Connections if further investigation is required