Limiting sessions

We have the same thing almost. I am trying to load balance to a number of SSL VPN devices, and need to limit the sessions to 2500 users per box. We have also learned that the connection limit is based on pure TCP sessions. We've also found that each user will open up a number of TCP sessions with the tunnel, apps, etc. So "connection limit" will not work because we'd have to guess at that number.

 

 

So to kind of give you toconnor a few ideas that we've come across: 1) Use SNMP. We've got the MIBs from our SSL boxes (Juniper to be exact), and one of those is the number of concurrent users. So we're thinking that if we can pull that, and write some sort of iControl to say if it's less than x users, keep it in the pool. If it's above that limit, pull it out. 2) Https healcheck. Have it actually try to do a login via https, and if it can (meaning the users limit isn't maxed out on the SSL box), then keep it in the pool.

 

 

I hope someone else can reply with how to actually do this myself, which is why I'm responding.