diff --git a/puppet/zulip_ops/manifests/profile/prod_app_frontend.pp b/puppet/zulip_ops/manifests/profile/prod_app_frontend.pp
index 3bc2932e10..83ec6d6e53 100644
--- a/puppet/zulip_ops/manifests/profile/prod_app_frontend.pp
+++ b/puppet/zulip_ops/manifests/profile/prod_app_frontend.pp
@@ -3,6 +3,11 @@ class zulip_ops::profile::prod_app_frontend {
   include zulip_ops::app_frontend
   include zulip::hooks::zulip_notify
 
+  $conntrack_max = zulipconf('application_server', 'conntrack_max', 262144)
+  zulip::sysctl { 'conntrack':
+    content => template('zulip/sysctl.d/40-conntrack.conf.erb'),
+  }
+
   file { '/etc/nginx/sites-available/zulip':
     ensure  => file,
     require => Package['nginx-full'],
diff --git a/puppet/zulip_ops/templates/sysctl.d/40-conntrack.conf.erb b/puppet/zulip_ops/templates/sysctl.d/40-conntrack.conf.erb
new file mode 100644
index 0000000000..f7c2103f62
--- /dev/null
+++ b/puppet/zulip_ops/templates/sysctl.d/40-conntrack.conf.erb
@@ -0,0 +1,2 @@
+# Increase conntrack kernel table size
+net.nf_conntrack_max=<%= @conntrack_max %>