The Advanced Secure Gateway (ASG) operates based on Licensed User Count and HTTP connection count. When the Concurrent User Count reaches the Licensed User Count limit, the ASG would either bypass or queue subsequent user's connection. This is configurable and the default is
MY_ASG#(config general)user-overflow-action ? bypass Bypass the proxy when user limit is reached none Do not enforce licensed user limit queue Queue users when user limit is reached
The User Count (measured based on unique client IP) can be obtained from the GUI or an advanced URL
The advanced URL contains comprehensive information and details for each client connection
User overflow action Maximum number of concurrent users allowed <-------- Licensed User Count Number of concurrent users High watermark for concurrent users Number of users in queue High watermark for users in queue Number of queued users activated User high watermark for PDM Number of proxy users time-out in queue Number of ADN users time-out in queue Number of allocations for queued users Number of queued connections Number of queued explicit connections
Apart from the Licensed User Count, the ASG also operates based on HTTP Client Connection which is typically: Licensed User Count * 5. An ASG with 1000 Licensed User Count for example would therefore support 5000 HTTP Client Connection.
HTTP Client Connection information can be obtained from the advanced URL https://<SG-IP>:8082/HTTP/Statistics and the 2 stats of interest would be:
Maximum acceptable concurrent client connections Currently established client connections
Subsequent client connection to the ASG would be queued if the "Currently established client connections" has reached the "Maximum acceptable concurrent client connections". Summary of the client connections can be obtained from the advanced URL: https://<SG-IP>:8082/TCP/Users in the "Active User List" section. This section provides a summary for each client IP address and would be very useful to isolate 'suspicious' clients which utilize abnormally large number of connections
Details of each connection (Client IP and Port, Server IP and Port and Connection State) can be accessed from the advanced URL: https://<SG-IP>:8082/TCP/Connections if further investigation is required
Imported Document ID: 000030221
Subscribing will provide email updates when this Article is updated. Login is required.