01-21-2005 08:20 AM - edited 02-20-2020 11:53 PM
Good evening. For a few days I have been seeing some strange records in the log file of my PIX firewall; let me explain the threat.
In one DMZ I have applied an ACL that says:
access-list acl_dmz-col permit tcp any any eq www
and an access-group that says:
access-group acl_dmz-col in interface dmz-col
This is meant to permit every HTTP session, but in my log I find:
Deny tcp src dmz-col:my IP network/80 dst outside:internet public IP/any by access-group "acl_dmz-col"
I hope I have explained my problem exactly; what do you think is happening?
Best Regards
Davide
01-22-2005 03:34 AM
Good morning. About my case, I want to give some additional information to explain it fully; below you can find the information as is:
#sh ver
Cisco PIX Firewall Version 6.3(3)
If someone wants other information for troubleshooting the case, don't hesitate to write to me; any information that you can send me is welcome.
Best Regards
Davide
01-22-2005 04:06 PM
Guessing a little here:
The packets have a source of port 80, so these are replies from your web server to devices outside.
Sometimes this is caused by the web server on the DMZ responding to clients outside after the session has timed out of the state table, for some reason.
I have seen this with web servers struggling to talk to back-end SQL servers and then responding late (once the session has timed out), but also just after a reboot of the PIX, or a clear xlate (events which clear the session table).
I've had a blank and can't remember the default timeout. 5 minutes rings a bell.
Maybe do some sniffing to watch the sessions, see if you really do have sessions taking that long.
01-25-2005 03:23 AM
Good morning. Thanks very much, garethhinton, for your probable explanation of my HTTP session problem.
With your input we will now verify the code of the pages served by the web server (to find out whether for some reason it sends HTTP replies after the HTTP session timeout of the PIX), and in conjunction we will sniff these HTTP sessions to find information about this delay.
Another question: I think that I don't have an HTTP session timeout in my PIX configuration; below you can see it:
arp timeout 14400
timeout xlate 0:10:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:03:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
Thanks very much for your interest; any information that you can send me is welcome.
Best Regards
sercopi
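A small triage script, added here as an illustration and not code from anyone in the thread. It implements the check garethhinton suggests: a deny whose source is the DMZ web server on port 80 and whose destination is the outside interface is the server's late reply to a client, not a new outbound connection. Because the PIX no longer has the connection in its state table, it evaluates the segment against `acl_dmz-col` as if it were a new flow, and since the ACL only permits destination port 80 (the reply's destination is the client's ephemeral port), the segment is denied. The script also parses the `timeout` lines quoted in the last post, because on the PIX there is no separate HTTP timeout: `timeout conn` is the idle timeout that applies to TCP connections including HTTP (here 1:00:00), and `half-closed` applies once one side has sent FIN. The syslog lines are constructed in the shape quoted in the thread (the `%PIX-4-106023` prefix and RFC 5737 documentation addresses are assumptions); the config text is the one posted above.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the shape quoted in the thread.
# Addresses are RFC 5737 documentation ranges; the message prefix is assumed.
SAMPLE_LOG = """\
Jan 21 2005 08:15:02: %PIX-4-106023: Deny tcp src dmz-col:192.0.2.10/80 dst outside:203.0.113.45/33211 by access-group "acl_dmz-col"
Jan 21 2005 08:15:09: %PIX-4-106023: Deny tcp src dmz-col:192.0.2.10/80 dst outside:203.0.113.45/33212 by access-group "acl_dmz-col"
Jan 21 2005 08:16:40: %PIX-4-106023: Deny tcp src dmz-col:192.0.2.10/80 dst outside:198.51.100.7/1088 by access-group "acl_dmz-col"
Jan 21 2005 08:17:01: %PIX-4-106023: Deny tcp src dmz-col:192.0.2.11/44321 dst outside:198.51.100.9/25 by access-group "acl_dmz-col"
Jan 21 2005 08:17:30: %PIX-4-106023: Deny udp src dmz-col:192.0.2.12/514 dst outside:198.51.100.9/514 by access-group "acl_dmz-col"
"""

# The timeout lines exactly as posted in the thread.
SAMPLE_CONFIG = """\
arp timeout 14400
timeout xlate 0:10:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:03:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
"""

# Fields of the "Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port> by access-group" message.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+|any) '
    r'dst (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+|any) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# "<name> h:mm:ss" pairs on a "timeout ..." line; bare keywords like "absolute" carry no value.
TIMEOUT_RE = re.compile(r'(\S+) (\d+):(\d+):(\d+)')


def parse_deny(line):
    """Return the deny record as a dict, or None if the line is not a deny message."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port"):
        rec[key] = None if rec[key] == "any" else int(rec[key])
    return rec


def classify(rec, served_ports=frozenset({80}), outside_if="outside"):
    """Label a deny as a stale server reply or a genuine outbound attempt.

    A TCP segment sourced from a port the DMZ host serves, heading to the
    outside interface, only reaches the ACL when no connection entry exists
    any more; that is the late-reply case described in the thread.
    """
    if (rec["proto"] == "tcp"
            and rec["src_port"] in served_ports
            and rec["dst_if"] == outside_if):
        return "stale_reply"
    return "outbound_attempt"


def triage(log_text):
    """Count deny kinds and, for stale replies, which outside clients were affected."""
    counts = Counter()
    stale_by_client = Counter()
    for line in log_text.splitlines():
        rec = parse_deny(line)
        if rec is None:
            continue
        kind = classify(rec)
        counts[kind] += 1
        if kind == "stale_reply":
            stale_by_client[rec["dst_ip"]] += 1
    return counts, stale_by_client


def parse_timeouts(config_text):
    """Map each PIX 'timeout' keyword to its value in seconds."""
    seconds = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("timeout "):
            continue
        for name, h, m, s in TIMEOUT_RE.findall(line[len("timeout "):]):
            seconds[name] = int(h) * 3600 + int(m) * 60 + int(s)
    return seconds


if __name__ == "__main__":
    counts, clients = triage(SAMPLE_LOG)
    timeouts = parse_timeouts(SAMPLE_CONFIG)
    print("deny kinds:", dict(counts))
    print("clients hit by stale replies:", dict(clients))
    print("TCP idle timeout (conn):", timeouts["conn"], "s; half-closed:", timeouts["half-closed"], "s")
```

Run against the real syslog export, a large `stale_reply` count concentrated on a few clients points at the slow-response explanation (and the clients' ports in those lines give you the sessions to look for in the packet capture), while `outbound_attempt` hits are the ones that deserve a closer look, since those are DMZ hosts trying to open connections the ACL never intended to allow.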