We are using WatchGuard version T35-W. When our system is under heavy load, we sometimes see that active TCP client connections are dropped and become black holes. We think that this has something to do with the Per Client Quota global setting. We believe this because we see a message in our logs like this:
Feb 13 11:06:59 FW02 T35-W (2019-02-13T17:06:59) firewall: msg_id="3000-0148" Deny 2-YYY 60 tcp 20 63 XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX 50714 6379 offset 10 S 1127942690 win 29200 msg="ddos client quota" route_type="PBR" (Internal Policy)
Port 6379 is an active TCP connection to our Redis database that became a black hole. We are wondering if simply changing the "Per Client Quota" would avoid this problem, but we are confused as to why an active connection became a black hole.
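Added example, not part of the original post and not WatchGuard code: a small triage script that pulls the "ddos client quota" denies out of a syslog export and counts them per client, destination port and TCP flag, so the drops can be lined up against the load peaks. The field positions (source, destination, source port, destination port, then the flags token after `offset N`) are an assumption inferred from the log line in the post, and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log line in the post; the addresses
# are documentation-range placeholders, not values from the original log.
SAMPLE_LOG = """\
Feb 13 11:06:59 FW02 T35-W (2019-02-13T17:06:59) firewall: msg_id="3000-0148" Deny 2-YYY 60 tcp 20 63 192.0.2.10 192.0.2.50 50714 6379 offset 10 S 1127942690 win 29200 msg="ddos client quota" route_type="PBR" (Internal Policy)
Feb 13 11:07:00 FW02 T35-W (2019-02-13T17:07:00) firewall: msg_id="3000-0148" Deny 2-YYY 60 tcp 20 63 192.0.2.10 192.0.2.50 50716 6379 offset 10 S 1127950001 win 29200 msg="ddos client quota" route_type="PBR" (Internal Policy)
Feb 13 11:07:01 FW02 T35-W (2019-02-13T17:07:01) firewall: msg_id="3000-0148" Deny 2-YYY 60 tcp 20 63 192.0.2.11 192.0.2.50 41000 6379 offset 10 S 1127960002 win 29200 msg="ddos client quota" route_type="PBR" (Internal Policy)
Feb 13 11:07:02 FW02 T35-W (2019-02-13T17:07:02) firewall: Deny 2-YYY 60 tcp 20 63 192.0.2.12 192.0.2.50 41001 6379 offset 10 S 1 win 29200 (Internal Policy)
"""

# Assumed field order, inferred from the sample line in the post:
# Deny <iface> <len> tcp <hdr> <ttl> <src> <dst> <sport> <dport> offset <n> <flags> <seq> win <n>
QUOTA_DENY = re.compile(
    r'Deny \S+ \d+ tcp \d+ \d+ '
    r'(?P<src>\S+) (?P<dst>\S+) (?P<sport>\d+) (?P<dport>\d+) '
    r'offset \d+ (?P<flags>\S+) \d+ win \d+ '
    r'msg="ddos client quota"'
)

def summarize_quota_denies(log_text):
    """Return (denies per (src, dst, dport), denies per TCP flags token)."""
    per_flow = Counter()
    per_flags = Counter()
    for line in log_text.splitlines():
        m = QUOTA_DENY.search(line)
        if m is None:
            continue  # not a per-client-quota deny
        per_flow[(m["src"], m["dst"], int(m["dport"]))] += 1
        per_flags[m["flags"]] += 1
    return per_flow, per_flags

if __name__ == "__main__":
    flows, flags = summarize_quota_denies(SAMPLE_LOG)
    for (src, dst, dport), n in flows.most_common():
        print(f"{src} -> {dst}:{dport}  quota denies: {n}")
    print("denies by TCP flags:", dict(flags))
```
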