https://community.cisco.com/t5/network-security/security-breach/m-p/2685985#M190806 <P>Hi,</P><P>This means that Firewall is dropping an out-of-order packet. This shows firewall is working fine. There might be a lot of tcp out-of-order packets coming on the firewall and tcp reassembly buffer might&nbsp;getting filled up.</P><P>Default Queue length&nbsp;is 16 per session. You could try increasing the queue length,&nbsp;timeout value and see if you still receive&nbsp;these logs&nbsp;or else you need to&nbsp;look for reason for out-of-order packets in your network.</P><P>Go through the below link. It would give you detail understanding of the issue and configuration assistance :</P><P>http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_ooop.html</P><P>&nbsp;</P><P>Please let me know if you have any query on this.</P><P>&nbsp;</P><P>Regards,</P><P>Akshay Rastogi</P><P>&nbsp;</P> Thu, 11 Jun 2015 05:30:51 GMT Akshay Rastogi 2015-06-11T05:30:51Z https://community.cisco.com/t5/network-security/security-breach/m-p/2685984#M190805 <P>Hello,</P><P>I just setup a firewall on a series 800 router and shortly after the following message was displayed;</P><P>Jun 10 00:11:32.814: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1890440221 146<BR />0 bytes is out-of-order; expected seq:1890416081. Reason: TCP reassembly queue o<BR />verflow - session my_internal_ip:53513 to intercepted_ip:80</P><P>Does this mean the firewall is doing it's job, and has disallowed access, or does this mean my</P><P>configuration is incorrect?</P> Tue, 12 Mar 2019 06:04:34 GMT https://community.cisco.com/t5/network-security/security-breach/m-p/2685984#M190805 digbym650 2019-03-12T06:04:34Z https://community.cisco.com/t5/network-security/security-breach/m-p/2685985#M190806 <P>Hi,</P><P>This means that Firewall is dropping an out-of-order packet. This shows firewall is working fine. There might be a lot of tcp out-of-order packets coming on the firewall and tcp reassembly buffer might&nbsp;getting filled up.</P><P>Default Queue length&nbsp;is 16 per session. You could try increasing the queue length,&nbsp;timeout value and see if you still receive&nbsp;these logs&nbsp;or else you need to&nbsp;look for reason for out-of-order packets in your network.</P><P>Go through the below link. It would give you detail understanding of the issue and configuration assistance :</P><P>http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_ooop.html</P><P>&nbsp;</P><P>Please let me know if you have any query on this.</P><P>&nbsp;</P><P>Regards,</P><P>Akshay Rastogi</P><P>&nbsp;</P> Thu, 11 Jun 2015 05:30:51 GMT https://community.cisco.com/t5/network-security/security-breach/m-p/2685985#M190806 Akshay Rastogi 2015-06-11T05:30:51Z