D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: xavierbt on September 16, 2011, 02:52:01 AM

Title: DFL-800 Connections used
Post by: xavierbt on September 16, 2011, 02:52:01 AM

Hi all,

Is possible to know all the connections established by the firewall in a fashion that you can know which connections are used ordered by ip ?

The gui is useless, and the console command: connections -show -num=20000 is useless too because you can get the output ordered by souce or destination ip.

From time to time and for short periods of time (some minutes) i get an unusual high number of network connections and the firewall looks useless to clarify me from/to ip are using this connections to know if the problem is an inside computer running some uncontrolled software, or the trouble came from outside (am i attacked?).

Any advice ?


regards

xavier

Title: Re: DFL-800 Connections used
Post by: danilovav on September 16, 2011, 01:08:26 PM

As i know, no way to get such information without additional software
But, you can possibly prevent your issue - change (decrease) System > Advanced settings > Conn. Timeout Settings > TCP idle timeout. Usually i use value between 900 and 1800

Title: Re: DFL-800 Connections used
Post by: xavierbt on September 22, 2011, 02:51:48 AM

Hi danilovav,

The problems is no timeout related. The connections are usually around 200-300 and increases to 2000-3000 connections for 5 to 10 minutes and restores to 200-300 in few minutes. During this peak period internet access gets slow, so i need to who (ip) is increasing firewall connections.

What additional software did you think about ?

Title: Re: DFL-800 Connections used
Post by: danilovav on September 22, 2011, 07:20:16 PM

I didnt saw such software, but i've made some similar tool ,so probably it can be used
Next week (maybe more) i will go to biztrip, but after i will try to change my application...