topic hi i have sent you a pm mate in Network Security

cisco 2851 firewall issues

CrazyxRascal — Tue, 12 Mar 2019 07:53:23 GMT

hi i am getting some firewall issues i am getting this error

Cisco(config)#$
*Jun 15 14:28:16.927: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - resetting session 173.241.240.220:80 192.168.1.45:63831 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:28:43.191: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53477 52.29.96.121:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:28:57.199: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - resetting session 192.168.1.45:64146 2.18.213.106:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:29:13.443: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53642 52.28.130.45:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:29:44.639: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - resetting session 192.168.1.45:64219

https://gyazo.com/60115023b458ac061d791d5a4fc106b9

is this normal ? it not slowing the internet down or anything ? sorry i am new to this .

also i am getting this

hey

Mark Malone — Wed, 15 Jun 2016 15:43:41 GMT

hey

from the screenshot your queue has filled , you need to increase it defaults can be very low , increase it bit by bit until the logs stop sending that message

depending what way its configured theres a couple of ways to increase it

ip inspect tcp reassembly queue length xxx

tcp reassembly queue length xxx

ip inspect tcp reassembly

To set parameters that define how Cisco IOS Firewall application inspection and Cisco IOS Intrusion Prevention System (IPS) will handle out-of-order TCP packets, use the ip inspect tcp reassembly command in global configuration mode. To disable at least one defined parameter, use the no form of this command.

ip inspect tcp reassembly {[queue length packet-number] [timeout seconds] [memory limit size-in-kb] [alarm {on | off}]}

no ip inspect tcp reassembly {[queue length] [timeout] [memory limit]}

Syntax Description


queue length packet-number	Maximum number of out-of-order packets that can be held per queue (buffer). (There are two queues per session.) Available value range: 0 to 1024. Default value: 16. Note If the queue length is set to 0, all out-of-order packets are dropped; that is, TCP out-of-order packet buffering and reassembly is disabled.
timeout seconds	Number of seconds the TCP reassembly module will hold out-of-order segments that are waiting for the first segment missing in the sequence. After the timeout timer has expired, a retry timer is started. The value for the retry timer is four times the configured timeout value.
memory limit size-in-kb	Maximum memory use allowed by the TCP reassembly module.
alarm {on \| off}	If enabled, a syslog message is generated when an out-of-order packet is dropped. Default value: on

hi i have sent you a pm mate

CrazyxRascal — Wed, 15 Jun 2016 15:51:51 GMT

hi i have sent you a pm mate