Maximum number of sessions on a firewall


The USG2000&5000 series supports a maximum of 2 million concurrent sessions in firewall mode or 1 million concurrent sessions in UTM mode.
For the USG6000 series, the maximum number of sessions varies with models:
USG6310/6320/6510-SJJ: 500,000
USG6330/6350/6360/6530: 3,000,000
USG6370/6380/6390/6550/6570: 4,000,000
USG6650/6660/6670: 10,000,000
USG6680: 12,000,000
NGFW Module: 10,000,000

Other related questions:
How Many Firewalls Can a User Have?

A user can have a maximum of 200 firewalls. It is recommended that you configure a maximum of 20 inbound or outbound rules for each firewall. If more than 20 inbound or outbound rules are configured, the forwarding performance will deteriorate.


Configuring the maximum number of concurrent SSL VPN users on the USG firewall
v-gateway cur-max-user
Use the v-gateway cur-max-user command to modify the maximum number of concurrent users of the virtual gateway. By default, the maximum number of concurrent users is the number of concurrent users available for the system license.
Use the undo v-gateway cur-max-user command to delete the maximum number of concurrent users and restore the default value.
Command format:
v-gateway v-gateway-name cur-max-user cur-max-user
undo v-gateway v-gateway-name cur-max-user
Parameter description:
v-gateway-name: Virtual gateway name.
cur-max-user cur-max-user: The maximum number of concurrent users of the virtual gateway.
Usage guidelines:
The number of concurrent users supported by the USG is controlled by the system license. The number of concurrent users configured on each virtual gateway is limited by the total number of concurrent users. The maximum number of concurrent users of the virtual gateway is less than the maximum number of virtual gateway users.
By default, the maximum number of concurrent users of a virtual gateway is as follows:
If a virtual gateway has set the number of concurrent users, the number of concurrent users of the new virtual gateway is the number of concurrent users available for the system license.
If no virtual gateway has set the number of concurrent users, the number of concurrent users of the new virtual gateway is the number of concurrent users allowed by the system license.
Example:
system-view
[Sysname] v-gateway abc cur-max-user 20 // Modify the maximum number of concurrent users of virtual gateway abc to 20.

Maximum number of concurrent SSL VPN connections on the firewall
Configuring the maximum number of concurrent SSL VPN users on the USG
v-gateway cur-max-user
The v-gateway cur-max-user command modifies the maximum number of concurrent users supported by a virtual gateway. By default, the maximum number of concurrent users is the number of concurrent users available as specified by the system license.
The undo v-gateway cur-max-user command restores the maximum number of concurrent users to the default value.
Syntax:
v-gateway v-gateway-name cur-max-user cur-max-user
undo v-gateway v-gateway-name cur-max-user
Parameter Description:
v-gateway-name: Virtual gateway name
cur-max-user cur-max-user: Maximum number of concurrent users supported by a virtual gateway
Usage Guide:
The maximum number of concurrent users supported by the USG is controlled by the license. The license also limits the total number of concurrent users on virtual gateways of the USG. The maximum number of concurrent users on virtual gateways should be smaller than that of users on virtual gateways.
By default, the maximum number of concurrent users on virtual gateways falls into the following situations:
If a concurrent user limit is set for virtual gateways, the maximum number of concurrent users on the new virtual gateway is the number of remaining concurrent users of the system license.
If no concurrent user limit is set for virtual gateways, the maximum number of concurrent users on the new virtual gateway is the number of concurrent users allowed by the system license.
Example:
system-view
[sysname] v-gateway abc cur-max-user 20 // Set the maximum number of concurrent users on virtual gateway abc to 20.

Session table query on a firewall
You can query the session table on the web UI and CLI. For the USG6000 series, on the web UI, choose Monitor > Session Table to query the session table and NAT detailed information. For the USG2000&5000 series, on the web UI, choose Firewall > Monitor > Session Table to query the session table. For the USG2000&5000 and USG6000 series, you can run the display firewall session table command to view the session table, or run the display firewall session table nat command to view the NAT session table.

Firewall session aging time
Generally, you can use the default aging time of the session table. To change the aging time of the session table for a specific protocol type, run the firewall session aging-time command. For the USG2000&5000 series, you can set the service aging time on the web UI. On the web UI, choose Firewall > Service > Service Aging Time. To view the aging time of the session entries of all traffic in the current system, you can run the display firewall session aging-time command.
