Getting parameters and statistics about the SSL proxy

1. Log on to the firewall in SSH.
2. Enter one of the following commands:

   nmemstat –s
   - or -
   sysctl hw.physmem

In this example, the firewall has 2 GB of memory.

1. Log on to the firewall in SSH.
2. To get the connection parameters, enter the following command: tproxyd -s ssl

   

   In this example:

   • The maximum number of connections allowed for the SSL proxy is 150.
   • Buffer memory starts to decrease above 75 connections.
3. To find out the amount of memory that the SSL proxy uses, enter the following command: nmemstat –a

   

   In this example, the SSL proxy uses 177 MB of memory.

To optimize the SSL proxy, it would be helpful to obtain statistics on the number of simultaneous SSL connections on your firewall. If this number is close to or often exceeds the maximum allowed by the SSL proxy, the firewall's performance may drop drastically. You are therefore advised to optimize the SSL proxy as recommended in the section Restricting the use of the SSL proxy.

Finding out the number of simultaneous SSL connections

1. Log on to the firewall in SSH.
2. Enter the following command to list out the number of filtered TCP connections open on port 8084:
netstat -np tcp | grep 8084 |wc -l

In this example, there are 97 simultaneous connections.

Getting statistics on SSL connections

Two articles in the Stormshield Knowledge base provide explanations on how to obtain statistics for a given period:

• How can I enable proxy statistics?
• Proxy statistics understanding

To access the Knowledge base, use the ID for your MyStormshield personal area.

Alternatively, you can use an SNMP monitoring tool such as Nagios to obtain information about the tproxyd process, CPU, memory, etc. For more information, refer to the section MIBs and SNMP Traps in the SNS User Manual.