Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the meaning of TSIG Session Rate Exceeded?

0

0

Article ID: KB21104 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:
This article provides the meaning of TSIG Session Rate Exceeded.
Symptoms:
Environment:
  • Customer is receiving an alert message - TSIG Session Rate Exceeded in the NSM log viewer.

  • Customer has configured the session rate monitoring in the traffic anomaly rulebase:

Cause:

Solution:
We will see this alert in the NSM log viewer, if the session rate monitoring in traffic anomaly rulebase is enabled and the number of sessions from a specific host is increasing beyond the configured threshold value within a second.

If we have enabled session rate monitoring for a specific host, the IDP sensor will monitor the number of session for that host. If the number of sessions from that host exceeds the configured threshold value within a second then the TSIG Session Rate Exceeded alert will be generated.

Make sure that the customer has not enabled the session rate monitoring in a rule for all hosts and all destination rulebases (any rulebase). If that is the case then the customer might see this error very frequently, based on the threshold value they have configured.

The image below is the configuration on the NSM for session rate monitoring in the traffic anomaly rulebase.





As per the above configuration, the customer has configured the Session Rate threshold value as 100 in any rulebase; so when the IDP has more than a hundred sessions within a second, the second IDP will generate a log message.

So, this alert can be ignored by fine tuning the session rate monitoring threshold or configuring it properly.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search