HIGH SESSION UTILIZATION IN SRX 1400

Hi,

I have a SRX 1400 where I have 1 NPC+SPC. Version is 12.1R5.5 which is very old so I can't go on expanding SPC.

In cp session i can see below which points that max session are 1048576. However in flow session I can see only 50%.

show security flow cp-session summary

Valid sessions: 499207
Pending sessions: 4312
Invalidated sessions: 11596
Sessions in other states: 0
Total sessions: 515115
Maximum sessions: 1048576
Maximum inet6 sessions: 524288

node1:
--------------------------------------------------------------------------

Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 0
Maximum sessions: 1048576
Maximum inet6 sessions: 524288

show security flow session summary
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 497112
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 2897834221
Sessions-in-use: 506030
  Valid sessions: 496335
  Pending sessions: 1
  Invalidated sessions: 9694
  Sessions in other states: 0
Maximum-sessions: 524288

node1:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 524288

What i feel that 50% is used by inet6. Can you confirm.

If it is used by inet6 then i see below which means inet6 is not configured:-

show security flow status
node0:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

node1:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

How to check how 50% of inet6 sessions are reserved? What can be done in order to use whole cp session in flow session ?

Thanks in advance