Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS/IDP] What is the meaning of "TSIG Session Rate Exceeded'?

0

0

Article ID: KB21112 KB Last Updated: 04 Mar 2017Version: 3.0
Summary:
This article provides information about the meaning of TSIG Session Rate Exceeded.
Symptoms:
Environment

A customer receives the TSIG Session Rate Exceeded alert message in the NSM log viewer. The customer has configured the session rate monitoring in the traffic anomaly rule base:

Cause:

Solution:
This alert is found in the NSM log viewer, if session rate monitoring is enabled in the traffic anomaly rule base and the number of sessions is increasing beyond the configured threshold value. If session rate monitoring for a specific host is enabled, the IDP sensor will monitor the number of sessions for that host. If the number of sessions from that host exceeds the configured threshold value in session monitoring, then the TSIG Session Rate Exceeded alert is generated.

Make sure that the customer has not enabled session rate monitoring in a rule for all hosts and all destination rule bases (any rule base). If this is the case, then the customer might see this error very frequently; based on the configured threshold value. The following image illustrates the configuration on NSM for session rate monitoring for the traffic anomaly rule base:



In the above image, the customer has configured the threshold value as 100 for the session rate in any rule base; so, when the IDP device has sessions that are more than hundred, it will generate a log message. So, this alert can be ignored, based on fine tuning the session rate monitoring threshold or configuring it in a proper way.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search