On a 7206VXR running 12.3(13)a, a 'show ip inspect statistics' reveals:

Interfaces configured for inspection 65
Session creations since subsystem startup or last reset 334621
Current session counts (estab/half-open/terminating) [1534:63:0]
Maxever session counts (estab/half-open/terminating) [1676:314:27]
Last session created 00:00:00
Last statistic reset 11:53:44
Last session creation rate 978
Last half-open session total 1274

The ip inspect configuration is:

Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [3500:4000] connections
max-incomplete sessions thresholds are [2000:2500]
max-incomplete tcp connections per host is 300. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time is 3600 sec -- udp idle-time is 30 sec
dns-timeout is 5 sec

I had to increase the values for the max-incomplete low and high from 1200:1500, since previously the 'show ip inspect statistics' was returning 'Half-open sessions or session creation rate exceeded'. Is there a way to view the full table of half-open sessions? A 'show ip inspect sessions' only returns the sessions seen in the current session counts. And is there a way to clear said table, in the same manner as clearing the nat table?
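
An added example, not part of the original post: a small Python parser that reads the counters and threshold pairs quoted above and places each counter relative to its low:high pair, for tracking headroom from collected output. The function names and the pairing of counters to thresholds (half-open counters against max-incomplete, creation rate against one-minute) are assumptions made for this example.

```python
import re

# Counter and threshold lines copied from the post above.
STATS = """\
Current session counts (estab/half-open/terminating) [1534:63:0]
Maxever session counts (estab/half-open/terminating) [1676:314:27]
Last session creation rate 978
Last half-open session total 1274
"""
CONFIG = """\
one-minute (sampling period) thresholds are [3500:4000] connections
max-incomplete sessions thresholds are [2000:2500]
"""

def parse_stats(text):
    """Extract session counters from 'show ip inspect statistics' output."""
    out = {}
    for m in re.finditer(r"(Current|Maxever) session counts \(estab/half-open/"
                         r"terminating\) \[(\d+):(\d+):(\d+)\]", text):
        out[m.group(1).lower()] = dict(zip(
            ("estab", "half_open", "terminating"), map(int, m.groups()[1:])))
    for label, key in (("Last session creation rate", "creation_rate"),
                       ("Last half-open session total", "last_half_open")):
        m = re.search(re.escape(label) + r"\s+(\d+)", text)
        if m:
            out[key] = int(m.group(1))
    return out

def parse_thresholds(text):
    """Extract the (low, high) pairs from the inspection configuration."""
    pairs = re.findall(r"(one-minute|max-incomplete) .*?thresholds are "
                       r"\[(\d+):(\d+)\]", text)
    return {name: (int(lo), int(hi)) for name, lo, hi in pairs}

def classify(value, low_high):
    """Place a counter relative to a (low, high) threshold pair."""
    low, high = low_high
    if value >= high:
        return "at or above high"
    return "between low and high" if value >= low else "below low"

def report(stats, thr):
    # Assumed pairing: half-open counters vs max-incomplete, rate vs one-minute.
    rows = [("current half-open", stats["current"]["half_open"], "max-incomplete"),
            ("maxever half-open", stats["maxever"]["half_open"], "max-incomplete"),
            ("last half-open total", stats["last_half_open"], "max-incomplete"),
            ("last creation rate", stats["creation_rate"], "one-minute")]
    return [(n, v, thr[k], classify(v, thr[k])) for n, v, k in rows]

if __name__ == "__main__":
    for row in report(parse_stats(STATS), parse_thresholds(CONFIG)):
        print(row)
```

Calling `classify` with the earlier pair, `(1200, 1500)`, shows where the same counters sit against the values used before the change.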