What happens when the concurrent-users license limit on the ProxySG has been exceeded?

book

Article ID: 167241

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

By default, when the concurrent-users license limit is exceeded on the ProxySG no action is taken. In other words, this limit can be exceeded without impacting user production. However, this is the default setting which can be modified to either bypass or queue excessive connections.

Resolution

Determining Behavior When User Limits are Exceeded

You can specify what happens when more users simultaneously connect through the ProxySG appliance (overflow connections) than is allowed per the model license. Options include:

  •  Bypass the system - All connections exceeding the maximum are passed through the system without processing. 
  •  Queue connections -  All connections exceeding the maximum are queued, waiting for another connection to drop off.
  •  Do not enforce the licensed user limit - This is the default option for hardware appliances. This allows for unlimited connections; however, exceeding the license limit triggers a health monitoring event. This option is not available for virtual appliances because the ProxySG VA always enforces the licensed user limit. 

To specify what occurs when during an overflow of connections:

  1. Navigate to Configuration > Proxy Settings > General.
  2. In the User Overflow Action area, select an action that occurs when the licensed user limits are exceeded:
  • Do not enforce licensed user limit is the default.
    • Unlimited user connections are possible. If the limit is exceeded, the appliance health changes to CRITICAL. This option is not available on the ProxySG VA because licensed user limits are always enforced.
  • Bypass connections from users over license limit.
    • Any transaction from a user whose connection exceeds the licensed limit is not susceptible to policy checks or any other ProxySG benefit, such as acceleration. This option provides the best user experience (with the caveat of potentially slower performance), but presents a Web security risk. This is the default option for the ProxySG VA. 
  • Queue connections from users over license limit.
    • Any transaction from a user whose connection exceeds the licensed limit must wait (in order) for an available ProxySG connection. This option provides the lowest user experience (and users might become frustrated and, perceiving a hang, might attempt request refreshes), but preserves Web security policies. 

       3. Click Apply.