Overview
Log files are showing high amounts of the following messageNov 30 14:45:09 kernel: [9606158.589811] nf_conntrack: table full, dropping packet
Nov 30 14:45:09 kernel: [9606158.969265] nf_conntrack: table full, dropping packet
Nov 30 14:45:09 kernel: [9606158.969283] nf_conntrack: table full, dropping packet
Cause
Message is caused when the appliance has more connections then it can process and can be caused by multiple issues;1 - This could be symptoms of a SYN flood on the network.
2 - The license on the appliance may be incorrect
Resolution
1 - Verify with TCPDump if there is an active SYN flood and perform actions to mitigate traffic from the IP(s) in question2 - Verify that the license on the appliance is licensed for the correct number of Max Connection sold to client
Internal Notes
- there was an issue with the 3062s where the license had a typo- max connections were set to 15,000 and should have been 150,000
- this has been updated in the license database and most devices will get the update when the check for a new license next time