06-15-2016 08:15 AM - edited 03-12-2019 12:53 AM
Hi, I am getting some firewall issues. I am getting this error:
Cisco(config)#$
*Jun 15 14:28:16.927: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - resetting session 173.241.240.220:80 192.168.1.45:63831 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:28:43.191: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53477 52.29.96.121:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:28:57.199: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - resetting session 192.168.1.45:64146 2.18.213.106:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:29:13.443: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53642 52.28.130.45:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:29:44.639: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - resetting session 192.168.1.45:64219
https://gyazo.com/60115023b458ac061d791d5a4fc106b9
Is this normal? It's not slowing the internet down or anything? Sorry, I am new to this.
Also, I am getting this:
06-15-2016 08:43 AM
Hey,
From the screenshot, your queue has filled. You need to increase it; defaults can be very low. Increase it bit by bit until the logs stop sending that message.
Depending on which way it's configured, there are a couple of ways to increase it:
ip inspect tcp reassembly queue length xxx
or
tcp reassembly queue length xxx
To set parameters that define how Cisco IOS Firewall application inspection and Cisco IOS Intrusion Prevention System (IPS) will handle out-of-order TCP packets, use the ip inspect tcp reassembly command in global configuration mode. To disable at least one defined parameter, use the no form of this command.
ip inspect tcp reassembly {[queue length packet-number] [timeout seconds] [memory limit size-in-kb] [alarm {on | off}]}
no ip inspect tcp reassembly {[queue length] [timeout] [memory limit]}
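To see which inspection policy is resetting which host in the %APPFW messages from the question, the lines can be tallied by inside host, message type and appl-class. This is an added example, not part of the original thread; the function names are made up for illustration, and treating the RFC 1918 address as the inside host is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the question (the last one is cut off in the post).
SAMPLE = """\
*Jun 15 14:28:16.927: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - resetting session 173.241.240.220:80 192.168.1.45:63831 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:28:43.191: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53477 52.29.96.121:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:28:57.199: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - resetting session 192.168.1.45:64146 2.18.213.106:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-http-blockparam
*Jun 15 14:29:13.443: %APPFW-4-HTTP_METHOD: HTTP method (post) matched - resetting session 192.168.1.17:53642 52.28.130.45:80 on zone-pair sdm-zp-in-out class sdm-protocol-http appl-class sdm-app-httpmethods
*Jun 15 14:29:44.639: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - resetting session 192.168.1.45:64219
"""

EVENT_RE = re.compile(
    r"%APPFW-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+): .*? - resetting session"
    r"(?P<endpoints>(?: \d{1,3}(?:\.\d{1,3}){3}:\d+){1,2})"
    r"(?: on zone-pair (?P<zone_pair>\S+) class (?P<cls>\S+)"
    r" appl-class (?P<appl_class>\S+))?"
)


def parse_event(line):
    """Return a dict for one APPFW reset message, or None for any other line."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    hosts = [ep.rsplit(":", 1)[0] for ep in m["endpoints"].split()]
    # Endpoint order varies between messages, so pick the inside host by
    # address class (RFC 1918, an assumption) instead of by position.
    inside = next((h for h in hosts if ipaddress.ip_address(h).is_private), None)
    return {
        "mnemonic": m["mnemonic"],
        "inside_host": inside,
        "zone_pair": m["zone_pair"],
        # None when the line was truncated before the policy names.
        "appl_class": m["appl_class"],
    }


def summarize(text):
    """Count resets per (inside host, message type, appl-class)."""
    events = filter(None, map(parse_event, text.splitlines()))
    return Counter((e["inside_host"], e["mnemonic"], e["appl_class"]) for e in events)


if __name__ == "__main__":
    for (host, mnemonic, appl), n in summarize(SAMPLE).most_common():
        print(f"{n:2d}  {host or '?':<15} {mnemonic:<24} {appl or '(truncated)'}")
```

On the lines from the question this shows 192.168.1.17 being reset only by the `sdm-app-httpmethods` class (POST requests) and 192.168.1.45 only by `sdm-http-blockparam`, which tells you which class-map to review for each host.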
06-15-2016 08:51 AM
Hi, I have sent you a PM, mate.