Apr 04, 2023

Inet port exhaustion on <ip_address> to <ip_address:port> (proto <protocol>) issue

The SNAT IP expansion described in is not applicable in this case, as there is no SNAT in the VS configuration. The recommended actions written on the article above are applicable mostly to typical configurations with a (standard) VS using SNAT (either Automap or SNAT pool). But, in case of AFM, it is not applicable.

The other option to solve the issue is to reduce or lower the value idle-timeout value that is too 'long'. Saving flow connections during 1 complete day seems to cause issues for its intended destination.

However, the second option may pose problems as there are possibly long lived connections. Is there any other way to solve the issue? 

3 Replies