Thursday, June 25, 2009

Firewall Troubleshooting: Looking For Round Numbers

A recent firewall issue reminded me of a co-worker's observation: look for round numbers.

Most firewalls - and many network devices - have a maximum session count. In our case, the device had a maximum number of IP filter sessions that had never been reached in years of service. When reports of connection issues started to crop up, we went through our normal troubleshooting process - starting at the endpoints and tracking the traffic inwards.

In the end, a co-worker noticed that our IP filter session count was sitting at exactly 1500 - a suspiciously round number, and, unsurprisingly, exactly the limit set in the device's configuration. New connections were being dropped because the session table was full.

A simple fix later (raising the limit), we were able to restore connections and move on to the real question: what had opened so many new sessions in the first place.

The moral of the story: log and graph your resource counters, and when a counter sits flat at a round number, check it against the configured limit before you go chasing the traffic.
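One way to automate the "look for round numbers" check against a dashboard feed, as an added example that is not part of the original post. It assumes you can pull a series of session-count samples (the list below is constructed, one sample per minute) and, optionally, the limit from the device configuration; the "round number" heuristic (multiples of 100, or powers of two of at least 256, both common table sizes) and the three-sample plateau threshold are my assumptions, not anything the post specifies.

```python
"""Flag a counter that is pinned at a round number or at a configured limit.

Added example, not from the original post. A counter that rises and then sits
flat at a round value is the pattern described in the post: 1500 sessions on a
device configured for a maximum of 1500.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class Finding:
    value: int      # the value the counter is stuck at
    samples: int    # how many consecutive samples sat at that value
    reason: str     # why it looks like a ceiling


def is_round(n: int) -> bool:
    """Assumed heuristic: multiples of 100, or powers of two >= 256.

    Both are common choices for hard-coded or configured table sizes.
    """
    if n <= 0:
        return False
    if n % 100 == 0:
        return True
    return n >= 256 and (n & (n - 1)) == 0


def check_ceiling(samples: Sequence[int],
                  configured_limit: Optional[int] = None,
                  min_plateau: int = 3) -> List[Finding]:
    """Return one Finding per plateau that looks like a hard limit.

    A plateau is a run of at least `min_plateau` identical consecutive samples.
    It is reported when its value equals the configured limit (if known) and/or
    is a suspiciously round number.
    """
    findings: List[Finding] = []
    i, n = 0, len(samples)
    while i < n:
        # Extend j to the end of the run of identical samples starting at i.
        j = i
        while j < n and samples[j] == samples[i]:
            j += 1
        value, length = samples[i], j - i
        if length >= min_plateau:
            reasons = []
            if configured_limit is not None and value == configured_limit:
                reasons.append("equals configured limit %d" % configured_limit)
            if is_round(value):
                reasons.append("suspiciously round number")
            if reasons:
                findings.append(Finding(value, length, "; ".join(reasons)))
        i = j
    return findings


# Constructed sample: IP filter session counts from a hypothetical firewall,
# one sample per minute. The counter climbs and then sticks at exactly 1500.
SAMPLE_SESSIONS = [1180, 1207, 1263, 1341, 1418, 1492,
                   1500, 1500, 1500, 1500, 1500, 1500]

if __name__ == "__main__":
    for f in check_ceiling(SAMPLE_SESSIONS, configured_limit=1500):
        print("counter pinned at %d for %d samples: %s"
              % (f.value, f.samples, f.reason))
```

Without a known limit the check still fires on the round value alone, which is the point of the post: the number itself is the clue. A counter that happens to sit flat at a non-round value such as 1387 is not reported, since that is normal steady-state load rather than a ceiling.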

