Flows

The firewall in Internet Gate uses flows to perform stateful inspection of data streams. Each new data stream to be inspected uses one flow to track the state that stream is in. If the data stream is bi-directional, two flows are used – one in each direction.

Once the data stream is closed, the flow is returned for reuse (after a one-minute timeout). If the flow is unused – no data is transmitted during a period of time – the flow is closed by the inactivity timeout. (Read here about how to change inactivity timeouts.)

If the firewall runs out of flows, no more data streams can be opened through it until some of the old data streams are closed and their flows returned for reuse. As a result, data cannot pass the firewall.

Internet Gate can have between 500 and 5000 reserved flows. Factory default is 2000 reserved flows – meaning up to 2000 flows can be open at the same time through the firewall.

However, flows consume memory and resources in your Internet Gate. Reserving too many flows may reduce overall performance.

It is very difficult to give a “typical” number of flows a PC consumes – it depends heavily on which programs are running on that PC. A PC used for typical web browsing and e-mail seldom uses more than 300 flows simultaneously – usually two flows are consumed for each web page opened, and for each picture loaded on that web page. However, a single PC running certain peer-to-peer programs may use 3 000 flows on its own.

If basic applications such as web browsing are unable to pass through the firewall from time to time, check on the security page whether you have reserved enough flows.
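The following added example (a toy model, not Internet Gate code) simulates the flow pool described above to show how one peer-to-peer host can starve a browsing host at the factory default of 2000 flows. The 300-second inactivity timeout, the class and function names, and the choice to apply the one-minute hold to idle-closed flows as well are assumptions made for illustration.

```python
import heapq

CLOSE_HOLD_S = 60  # page: a closed flow is reusable after a one-minute timeout

class FlowTable:
    """Toy model of a fixed pool of reserved flows (not Internet Gate code)."""

    def __init__(self, reserved=2000, inactivity_timeout_s=300):
        # 2000 is the factory default on the page; 300 s is an assumed value.
        self.reserved = reserved
        self.inactivity_timeout_s = inactivity_timeout_s
        self.streams = {}   # stream id -> (flows held, time of last traffic)
        self.holding = []   # min-heap of (release time, flows) after close
        self.in_use = 0

    def _expire(self, now):
        # Assumed: idle streams close when their timeout ran out, then are held.
        for sid, (_, last) in list(self.streams.items()):
            if now - last >= self.inactivity_timeout_s:
                self.close(sid, last + self.inactivity_timeout_s)
        # Flows become reusable once the hold after close has elapsed.
        while self.holding and self.holding[0][0] <= now:
            self.in_use -= heapq.heappop(self.holding)[1]

    def open(self, sid, now, bidirectional=True):
        self._expire(now)
        need = 2 if bidirectional else 1  # one flow per direction
        if self.in_use + need > self.reserved:
            return False                  # out of flows: stream cannot pass
        self.streams[sid] = (need, now)
        self.in_use += need
        return True

    def traffic(self, sid, now):
        self.streams[sid] = (self.streams[sid][0], now)  # resets idle timer

    def close(self, sid, now):
        flows, _ = self.streams.pop(sid)
        heapq.heappush(self.holding, (now + CLOSE_HOLD_S, flows))

def refused_web_streams(reserved, p2p_streams=1500, web_streams=150):
    """Constructed scenario: P2P host opens at t=0, browsing host at t=1."""
    table = FlowTable(reserved)
    for i in range(p2p_streams):
        table.open(("p2p", i), now=0)
    return sum(not table.open(("web", i), now=1) for i in range(web_streams))

if __name__ == "__main__":
    for reserved in (2000, 5000):
        print(reserved, "reserved ->", refused_web_streams(reserved), "refused")
```

The default scenario uses 1500 bi-directional peer-to-peer streams (3 000 flows) and 150 bi-directional web streams (300 flows), matching the figures quoted above.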

firewall/flows.txt · Last modified: 2010/10/29 14:46 by tibor
CC Attribution-Noncommercial-Share Alike 3.0 Unported