cisco 2851 firewall issues

CrazyxRascal
Level 1

Hi, I am getting some firewall issues. I am getting this error:

Cisco(config)#$
*Jun 15 14:28:16.927: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - resetting session 173.241.240.220:80 192.168.1.45:63831 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:28:43.191: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53477 52.29.96.121:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:28:57.199: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - resetting session 192.168.1.45:64146 2.18.213.106:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:29:13.443: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53642 52.28.130.45:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:29:44.639: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - resetting session 192.168.1.45:64219

https://gyazo.com/60115023b458ac061d791d5a4fc106b9

Is this normal? It's not slowing the internet down or anything? Sorry, I am new to this.

Also I am getting this:
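The five %APPFW lines quoted above are the kind of syslog a first-time user has to triage: which hosts inside the LAN are affected, which inspection class is doing the resetting, and whether a line was cut off before it was pasted. The script below is an added example and not part of the original post or of Cisco IOS; it parses exactly those lines (copied verbatim as constructed sample input, including the truncated last one) and tallies the resets. It decides which endpoint is the inside host by checking which address is RFC 1918 private, since the firewall prints the endpoints in different orders for different message types. The field names (inside_host, appl_class, and so on) are my own choice, not IOS terminology.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the %APPFW lines quoted in the post, verbatim.
# The last line is truncated exactly as it appears there.
SAMPLE_LOG = """\
*Jun 15 14:28:16.927: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - resetting session 173.241.240.220:80 192.168.1.45:63831 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:28:43.191: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53477 52.29.96.121:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:28:57.199: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - resetting session 192.168.1.45:64146 2.18.213.106:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:29:13.443: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53642 52.28.130.45:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:29:44.639: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - resetting session 192.168.1.45:64219
"""

# Timestamp, %FACILITY-SEVERITY-MNEMONIC, free-text reason, then the session
# endpoints and (if the line was not cut off) the zone-pair and classes.
APPFW_RE = re.compile(
    r"\*(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): "
    r"%(?P<mnemonic>APPFW-\d-\w+): (?P<text>.*?) - resetting session "
    r"(?P<ip1>[\d.]+):(?P<port1>\d+)"
    r"(?: (?P<ip2>[\d.]+):(?P<port2>\d+))?"
    r"(?: on zone-pair (?P<zone_pair>\S+) class (?P<cls>\S+) appl-class (?P<appl_class>\S+))?"
)


def _is_inside(ip):
    # The LAN side is whichever endpoint carries an RFC 1918 address.
    return ipaddress.ip_address(ip).is_private


def parse_appfw_line(line):
    """Return one dict per %APPFW reset line, or None for anything else."""
    m = APPFW_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    endpoints = [(d["ip1"], int(d["port1"]))]
    if d["ip2"]:
        endpoints.append((d["ip2"], int(d["port2"])))
    inside = [e for e in endpoints if _is_inside(e[0])]
    outside = [e for e in endpoints if not _is_inside(e[0])]
    return {
        "timestamp": d["ts"],
        "mnemonic": d["mnemonic"],
        "reason": d["text"],
        "inside_host": inside[0][0] if inside else None,
        "outside_host": outside[0][0] if outside else None,
        "zone_pair": d["zone_pair"],
        "appl_class": d["appl_class"],
        # A line missing its second endpoint or its classes was cut off.
        "truncated": d["ip2"] is None or d["appl_class"] is None,
    }


def summarize(log_text):
    """Tally resets by message type, inside host and inspection class."""
    events = [e for e in (parse_appfw_line(l) for l in log_text.splitlines()) if e]
    return {
        "events": len(events),
        "by_mnemonic": Counter(e["mnemonic"] for e in events),
        "by_inside_host": Counter(e["inside_host"] for e in events if e["inside_host"]),
        "by_appl_class": Counter(e["appl_class"] for e in events if e["appl_class"]),
        "truncated": sum(e["truncated"] for e in events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Run against the sample, it shows that 192.168.1.45 accounts for three resets under sdm-http-blockparam and 192.168.1.17 for two under sdm-app-httpmethods, which is the breakdown you would want before deciding whether a given class is doing useful work or just breaking sessions for one host.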

Accepted Solution

Mark Malone
VIP Alumni

hey

From the screenshot your queue has filled. You need to increase it; defaults can be very low. Increase it bit by bit until the logs stop sending that message.

Depending on which way it's configured, there are a couple of ways to increase it:

ip inspect tcp reassembly queue length xxx

or

tcp reassembly queue length xxx

ip inspect tcp reassembly

To set parameters that define how Cisco IOS Firewall application inspection and Cisco IOS Intrusion Prevention System (IPS) will handle out-of-order TCP packets, use the ip inspect tcp reassembly command in global configuration mode. To disable at least one defined parameter, use the no form of this command.

ip inspect tcp reassembly {[queue length packet-number] [timeout seconds] [memory limit size-in-kb] [alarm {on | off}]}

no ip inspect tcp reassembly {[queue length] [timeout] [memory limit]}

Syntax Description

queue length packet-number

Maximum number of out-of-order packets that can be held per queue (buffer). (There are two queues per session.)
Available value range: 0 to 1024. Default value: 16.

Note If the queue length is set to 0, all out-of-order packets are dropped; that is, TCP out-of-order packet buffering and reassembly is disabled.

timeout seconds

Number of seconds the TCP reassembly module will hold out-of-order segments that are waiting for the first segment missing in the sequence.

After the timeout timer has expired, a retry timer is started. The value for the retry timer is four times the configured timeout value.

memory limit size-in-kb

Maximum memory use allowed by the TCP reassembly module.

alarm {on | off}

If enabled, a syslog message is generated when an out-of-order packet is dropped. Default value: on.


2 Replies


Hi, I have sent you a PM, mate.
