Hi Jay,

I have an FWSM running software version 3.1(8). It was upgraded from version 2.3(3).

After the upgrade, end-user complain of slow SQL transfer across the FWSM.

I suspect I'm hitting the bug ID CSCsl71684 (FWSM 'inspect sqlnet' can lead to TCP drops when short inter-packets gap).

The workarounds are:

1 disable inspect sqlnet

2 enable inspect sqlnet but disable tcp normalizer

3 do smaller data transfers (-> resulting in smaller rapid burst of TNS data packets)

4 upgrade FWSM to 3.1.9 or 3.2.

Is it advisable to disable TCP normalizer (using "no control-point tcp-normalizer" command)? What's the impact? I'd like to test disabling TCP normalizer and see the effect on the SQL transfer before I upgrade it to version 3.1(9) or 3.2.

Please advise.

Thank you.

B.Rgds,

Lim TS

Hi Farrukh,

Is it recommended to disable TCP normalizer (using "no control-point tcp-normalizer" command)? What's the impact?

Thank you.

B.Rgds,

Lim TS

This is the official description:

"For traffic that passes through the control-plane path, such as packets that require Layer 7 inspection or management traffic, the FWSM sets the maximum number of out-of-order packets that can be queued for a TCP connection to 2 packets, which is not user-configurable. Other TCP normalization features that are supported on the PIX and ASA platforms are not enabled for FWSM. You can disable the limited TCP normalization support for the FWSM using the no control-point tcp-normalizer command."

Please note its not recommended to disable it, consider this a transient step to fix the HIGH CPU issue.

Regards

Farrukh