https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843237#M491380 <HTML><HEAD></HEAD><BODY><P>Hope you don't mind a gentlewonan's response <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P>SYN timeout syslogs are generated when the firewall doesn't receive a response for SYN that it passed through. It appears that the server may be responding back with a SYN ACK late (after 20 seconds ) or not at all.</P><P>If it responds late, then you would also see syslog 106015 messages.</P><P></P><P>-Kureli</P></BODY></HTML> Fri, 09 Dec 2011 14:11:25 GMT Kureli Sankar 2011-12-09T14:11:25Z https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843236#M491379 <P>Gentlemen,</P><P></P><P>Firewall'ing and FW-forensic is not my primary area of expertise, so forgive my ignorance.</P><P></P><P>When browsing through the collected syslogs from our firewalls (FWSM/ASA), I'm seeing an abundance of SYN Timeouts. There's no specific pattern here, e.g. specific host or service, time of day etc. I can pick any day of the week and select a random host/service and simply search for the string "SYN" and I will almost surely get a significant number of hits.</P><P></P><P>Now, I'm not really looking for solution, as we've pretty much ruled out the possibility of misconfiguration. We've gone through potential problems with regards to TCP-connections limitations, timeout values, routing etc. But nothing seems to be misconfigured.</P><P></P><P>So my question to you gentlemen is: Is what I'm seeing typical or even expected behaviour? Since my server- or application teams are not screaming their lungs out with "slow network", this apparently does not cause severe performance degredation. I'm just surprised by the volume of SYN timeouts, but then again, browsing through the FW-syslogs is not really part of my everyday work. Can something like this be the result of theh fact that the volume of application traffic exceeds the capacity of the servers and that this i more a symptom of applications and/or server performance, rather than a network related issue?</P><P></P><P>Thanks</P><P>/Ulrich</P> Mon, 11 Mar 2019 22:00:54 GMT https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843236#M491379 Ulrich Hansen 2019-03-11T22:00:54Z https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843237#M491380 <HTML><HEAD></HEAD><BODY><P>Hope you don't mind a gentlewonan's response <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P>SYN timeout syslogs are generated when the firewall doesn't receive a response for SYN that it passed through. It appears that the server may be responding back with a SYN ACK late (after 20 seconds ) or not at all.</P><P>If it responds late, then you would also see syslog 106015 messages.</P><P></P><P>-Kureli</P></BODY></HTML> Fri, 09 Dec 2011 14:11:25 GMT https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843237#M491380 Kureli Sankar 2011-12-09T14:11:25Z https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843238#M491384 <HTML><HEAD></HEAD><BODY><P>Hi Kureli,</P><P></P><P>Don't mind a gentlewomans reply at all <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P></P><P>I'll take another look at the syslog and see, if the 106015-msg appears frequently as well.</P><P>Thanks for your reply</P><P></P><P>/Ulrich</P></BODY></HTML> Fri, 09 Dec 2011 14:56:09 GMT https://community.cisco.com/t5/network-security/asa-fwsm-abundance-of-syn-timeouts/m-p/1843238#M491384 Ulrich Hansen 2011-12-09T14:56:09Z