User Count and HTTP Connection Count in Advanced Secure Gateway (ASG)

Article ID: 169005

Products

Advanced Secure Gateway Software - ASG

Issue/Introduction

The Advanced Secure Gateway (ASG) operates based on two limits: the Licensed User Count and the HTTP connection count. When the Concurrent User Count reaches the Licensed User Count limit, the ASG either bypasses or queues subsequent users' connections. This is configurable, and the default is queue:

MY_ASG#(config general)user-overflow-action ?
 bypass           Bypass the proxy when user limit is reached
 queue            Queue users when user limit is reached

Resolution

The User Count (measured by unique client IP) can be obtained from the GUI or an advanced URL:

1) GUI: Management Console > Proxy > Statistics > System > Resources > Concurrent Users

2) Advanced URL: https://<SG-IP>:8082/TCP/Users

The advanced URL contains comprehensive information and details for each client connection:

   User overflow action
   Maximum number of concurrent users allowed <-------- Licensed User Count
   Number of concurrent users
   High watermark for concurrent users
   Number of users in queue
   High watermark for users in queue
   Number of queued users activated
   User high watermark for PDM
   Number of proxy users time-out in queue
   Number of ADN users time-out in queue
   Number of allocations for queued users
   Number of queued connections
   Number of queued explicit connections

Apart from the Licensed User Count, the ASG also operates based on the HTTP client connection count, which is typically Licensed User Count * 5. For example, an ASG with a Licensed User Count of 1000 would therefore support 5000 HTTP client connections.

HTTP client connection information can be obtained from the advanced URL https://<SG-IP>:8082/HTTP/Statistics, and the two statistics of interest are:

  Maximum acceptable concurrent client connections
  Currently established client connections

Subsequent client connections to the ASG are queued once "Currently established client connections" has reached "Maximum acceptable concurrent client connections". A summary of the client connections can be obtained from the "Active User List" section of the advanced URL https://<SG-IP>:8082/TCP/Users. This section provides a summary for each client IP address and is very useful for isolating 'suspicious' clients that use an abnormally large number of connections.


If further investigation is required, details of each connection (client IP and port, server IP and port, and connection state) can be accessed from the advanced URL https://<SG-IP>:8082/TCP/Connections.
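
The capacity check and per-client triage described above, as an added example that is not part of the original article or the vendor's code: it applies the Licensed User Count * 5 rule and counts connections per client IP to surface heavy clients. The tuple layout, the sample addresses and the `factor` threshold are assumptions; the appliance's actual page format is not reproduced here.

```python
from collections import Counter

CONNS_PER_USER = 5  # article: connection limit is typically Licensed User Count * 5


def capacity(licensed_users, concurrent_users, established_conns):
    """Report how close the appliance is to each of its two limits."""
    max_conns = licensed_users * CONNS_PER_USER
    return {
        "max_conns": max_conns,
        "user_limit_reached": concurrent_users >= licensed_users,
        "conn_limit_reached": established_conns >= max_conns,
        "user_pct": round(100 * concurrent_users / licensed_users, 1),
        "conn_pct": round(100 * established_conns / max_conns, 1),
    }


def heavy_clients(connections, factor=3):
    """Return (client_ip, count) for clients holding more than `factor` times
    the per-user budget, busiest first. `factor` is an assumed tuning value."""
    per_client = Counter(client_ip for client_ip, *_ in connections)
    threshold = CONNS_PER_USER * factor
    return [(ip, n) for ip, n in per_client.most_common() if n > threshold]


def build_sample():
    """Constructed data: 40 ordinary clients with 4 connections each and one
    client (192.0.2.77) holding 60. Assumed tuple layout:
    (client_ip, client_port, server_ip, server_port, state)."""
    rows = []
    for host in range(1, 41):
        for i in range(4):
            rows.append((f"10.0.0.{host}", 40000 + i, "198.51.100.10", 443, "ESTABLISHED"))
    for i in range(60):
        rows.append(("192.0.2.77", 50000 + i, "198.51.100.10", 443, "ESTABLISHED"))
    return rows


if __name__ == "__main__":
    conns = build_sample()
    users = len({row[0] for row in conns})  # User Count is per unique client IP
    print(capacity(licensed_users=50, concurrent_users=users, established_conns=len(conns)))
    print(heavy_clients(conns))
```

In the sample, one client out of 41 holds 60 of the 220 connections, which pushes connection utilization (88%) ahead of user utilization (82%) even though the user limit is not close to being reached.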