One of the benchmarking item of the firewall device is the maximum concurrent connection that it can support.
I have some question about:
1- what does exactly mean maximum concurrent connection (session) and why is important (performance considerations or memory considerations) ?
2- When a new entry and where is created in linux and what tools create this entry ?

3- again, When a new entry is created (for example for TCP by SYN-packets or syn, syn-ack and ack packets)?
4- if we just send a syn packet, one entry is created in connection table, is it correct ?

Hi,

I will try to answer your questions from what I know of firewall.

1- A firewall works at the border of internal network (your LAN) and an external one (Internet). When for example an internal machine tries to go to Internet, the FW will mask the internal IP address while forwarding the request out on Internet. The FW will keep track of the mapping between the internal IP (and random original port) and its external IP (and its also random and original port), in order to be able to redirect correctly the responses back. So the maximum concurrent connection is the mximum size of that mapping table. It is important because that the core of FW function. Obviously the mapping table is held in memory, and somehow handled by the processor. So it has impacts on both.
2- In Linux the FW function is handled by the kernel. While iptables of firewall-cmd (or firewalld) are command tool to ease the addressing to the kernel. The entry are created when the connection is established, and destroyed when it ends.
3- I think it is at the SYN from the client.
4- Yes. And if there is no response, it should time out and get cleaned.