https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205935#M348074 <HTML><HEAD></HEAD><BODY><P> Hi Thanks.&nbsp; The threshold I was speaking of would be on the monitoring system (when to alert on)</P></BODY></HTML> Thu, 13 Jun 2013 17:44:27 GMT e.craig 2013-06-13T17:44:27Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205933#M348072 <P>Hi,</P><P>I am getting alert on high discard rates on FW interfaces via a monitoring tool.&nbsp; Just want to validate if the packets dropped by ACL's are also contributing to the high discard rate counter?&nbsp; If this is the case what would be an acceptable threshold to set High Discard rate on FW interfaces to insure I do not miss an actual issue regarding high discard rate. "Interface::I-Interface_Performance_CiscoRouter_Ethernet-IF-XXX-XXXX-SEC/4::HighDiscardRate"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 01:57:41 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205933#M348072 e.craig 2019-03-12T01:57:41Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205934#M348073 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The packet-drop being seeing on the ASA interfaces are related to the security checks being done by the firewall (involves Inspections, ACLs, RPF checks, etc) so there is no treshold, it will all depends on how much traffic u are receiving on your ASA.</P><P></P><P>Regards,</P><P></P><P></P><P>Remember to rate all of the helpful posts. <BR /> <BR />For this community that's as important as a thanks.</P></BODY></HTML> Thu, 13 Jun 2013 17:31:16 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205934#M348073 Julio Carvajal 2013-06-13T17:31:16Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205935#M348074 <HTML><HEAD></HEAD><BODY><P> Hi Thanks.&nbsp; The threshold I was speaking of would be on the monitoring system (when to alert on)</P></BODY></HTML> Thu, 13 Jun 2013 17:44:27 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205935#M348074 e.craig 2013-06-13T17:44:27Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205936#M348075 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Well, that would depend again of the enviroment you have there,</P><P></P><P>As an example I would not focus much on ACL drops logs ( as they are already being denied, altough it will let you know what traffic is trying to reach ur network) but the treshold would be way higher based on the fact that is common to drop a lot of traffic via an ACL.</P><P></P><P>But I do not have a specific treshold that I could provide as it will depend on the enviroment.</P><P></P><P>Remember to rate all of the helpful posts. <BR /> <BR />For this community that's as important as a thanks.</P></BODY></HTML> Thu, 13 Jun 2013 17:49:32 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205936#M348075 Julio Carvajal 2013-06-13T17:49:32Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205937#M348076 <HTML><HEAD></HEAD><BODY><P> Thank you for your feedback, much appreciated</P></BODY></HTML> Thu, 13 Jun 2013 17:51:30 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205937#M348076 e.craig 2013-06-13T17:51:30Z https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205938#M348077 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Do u have any other question?</P><P></P><P>Otherwise u can mark the question as answered</P><P></P><P></P><P>Remember to rate all of the helpful posts. <BR /> <BR />For this community that's as important as a thanks.</P></BODY></HTML> Thu, 13 Jun 2013 17:56:52 GMT https://community.cisco.com/t5/network-security/high-discard-rate-on-a-fw-interface/m-p/2205938#M348077 Julio Carvajal 2013-06-13T17:56:52Z