To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Internet gatekeeper for Linux - exhausting max. number of connections (pre_spawn)

hansemann W/ Alumni Posts: 2 Security Scout

Hi there,


We are facing some issues with Internet Gatekeeper for Linux 4.07.3280. The error log of FSIGK HTTP daemon shows the following errors and users using the proxy complain about web pages not opening.


###ERROR### Maximum connections: warning: Client connections reached maximum connections(1250). More request will be blocked/rejected. If there is many warnings, please increase 'Maximum Connections' settings(pre_spawn value of fsigk.ini) of this service. (200 will be good value as start line).


We had the issue already some time ago and it was raised with F-Secure support. It was recommended to upgrade from 4.04 to 4.07 at this time but since we are running latest version of FSIGK for Linux we can just increase pre_spawn value further. Currently it has been increased to 2000 which is 10x the proposed value. The above connections has been created by an office of 10 users.


I know today's web browsers open a number of parallel streams but I can't imagine any of our users creating on average 125 simultaneous connections via HTTP/HTTPS.


Any recommendation would be appreciated.


Best regards,







  • Peter
    Peter W/ Alumni Posts: 127 Threat Terminator

    My recommendation is to create a support ticket as troubleshooting similar issues requires more information to understand the problem ... and provide a solution or workaround.

    If possible, attach the fsdiag file to your ticket created when the issue with the error "Maximum connections:warning" was occurring.


    To create the fsdiag:


    # cd /opt/f-secure/fsigk ; make diag


    To create the support ticket, go here.

  • hansemann
    hansemann W/ Alumni Posts: 2 Security Scout

    Thanks, Peter. I have created a support ticket and provided the fsdiag as suggest. Will see what comes out from this.

This discussion has been closed.