
HTTP traffic stops passing through IPS

phamthecong
Level 1

Hi All,

We have an inline IPS 4260 (version 7.1(7), sig ver 719) that works for a while and suddenly stops passing HTTP traffic through. All other kinds of traffic, including HTTPS, are still passing through as normal. Stop sending traffic to it for a while, then everything works fine. Does anyone have the same problem?

We contacted TAC and were advised that sig1300.0 was disabled but the system was not reset, and that might cause the problem. Is it true that once we modify Normalizer sigs, we have to reset the appliance?

Any help would be appreciated.

Regards,

Tao Lao

6 Replies

Julio Carvajal
VIP Alumni

Hello Tao,

We certainly do not recommend modifying the normalizer signatures, as that could lead to issues such as the one you are mentioning.

So are you saying that you reset the box and it worked, and you want to know why?

Or have you not done it and want to know if it could work for you?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks jcarvaja for the reply,

I have not reset it yet as it might cause downtime. I want to know if a reset could fix the problem.

I understand the implication of modifying the normalizer sigs, but sig1300.0 generates so many alerts that we could not handle it. So we have disabled the alert action of sig1300.0.

Regards,

tao lao

Julio Carvajal
VIP Alumni

Hello,

Interesting enough.

Is HTTP traffic flowing across your network normally right now?


Maybe you could send me the case number on a private message so I can take a look at it.


Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

ROBERT MOON
Level 1

I have the same issue with Cisco IPS 4260. Since I upgraded to the latest software, I'm running into issues with HTTP traffic.

HTTP traffic will pass through the IPS unit and suddenly it will block all HTTP traffic for about 10 - 15 minutes.

This happens so many times throughout the day that I am currently bypassing the entire unit.

In my case, this started after I upgraded the software, and I didn't disable any sigs.

I would love to hear a solution for this issue.

Thanks,

Rob

Hi Robert,

I don't have a solution yet, but when I turned the unit to run in asymmetric mode, the unit seems to be stable.

I initially ran into a 100% inspection load issue, then new firmware came out, upgraded it, ran into a 99% missed packets issue. Upgraded again, ran into this issue. Headache!!!

Tao Lao

Hello,

Yeah, I mean based on your network you will need to run in asymmetric mode, as the normalizer engine working in strict mode will cause a lot of issues due to the network design issues.

Regards

Note: I have answered your email

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC