Dear Cisco Community,
We recently received complaints from our customer regarding transfer speed. Upon troubleshooting, we noticed that packets were received out of order when doing a packet capture on the FWSM. FYI, we have already enabled the np-completion unit and also disabled random sequence numbers.
Could this be related to the FWSM? Also, the end user advised that the transfer speed using the fallback LAN is about 10x faster.
capture cap-in type raw-data access-list test packet-length 128 interface c16lobby[Buffer Full - 524264 bytes]
capture cap-out type raw-data access-list test packet-length 128 interface c16loadbal[Buffer Full - 524264 bytes]
FWSM# sh service-
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns maximum-length 512, packet 1017412418, drop 1902569, reset-drop 0
Inspect: ftp, packet 9790919, drop 16, reset-drop 0
Inspect: h323 h225, packet 0, drop 0, reset-drop 0
Inspect: h323 ras, packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 82, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: skinny, packet 24725, drop 7524, reset-drop 0
Inspect: sunrpc, packet 39065430, drop 6149, reset-drop 0
Inspect: tftp, packet 0, drop 0, reset-drop 0
Inspect: sip, packet 0, drop 0, reset-drop 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0
Class-map: TCP
Set connection policy: random-sequence-number disable
Class-map: class-default
Set connection policy: random-sequence-number disable
Set connection timeout policy:
half-closed 0:00:20
FWSM# sh run sysopt
no sysopt connection timewait
sysopt connection tcpmss 1460
sysopt connection tcpmss minimum 0
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt radius ignore-secret
no sysopt uauth allow-http-cache
sysopt np completion-unit
sysopt connection tcp window-scale
sysopt connection tcp sack-permitted
