Troubleshooting: "The cache is full; xxx open connections; some will be dropped"

This is a scenario article based on a customer case. In this scenario, the customer has two SonicPoints connected to the SonicWall appliances NSA 240. Since upgrading to SonicOS Enhanced 5.9.1.0-18o on NSA 240, it is unable to open new connection to the internet and error "The cache is full; xxx open connections; some will be dropped" are displayed in the log.

Step 1. Download the TSR. check the cache table status.
The firewall is reporting that connections from network reached a high of 7541 connections and since the current configuration allows a max of 7500 connections it triggers cache full messages and resulting dropped packets.

Step 2. To identify the high number of connections is normal or not go to System | Diagnostics. Select  Connections Monitor under Diagnostic Tools drop down menu | Export Results in .csv format with limit output set to 7500 connections. Open the file and sort the connections using source IP figure out the sources of those excessive connections.

Step 3. Search the sources in the address objects and groups, in this case, those sources are in the All Rogue Devices group.

Step 4. Go to SonicPoint | Advanced IDP make sure both of the features "Enable Wireless Intrusion Detection and Prevention" and "Block traffic from rogue AP and its associated clients" are checked.

If those sources are in the Rogue Devices group but still displayed in connection monitor you need upgrade to the latest general release firmware that is found at mysonicwall.com. Navigate to Downloads | Download Center to located the appropriate firmware for the appliance in question.

If those sources are not in the Rogue Devices group but with excessive connections. you can make corresponding "connection limit" in firewall access rule.