04-27-2010 04:10 AM - edited 03-11-2019 10:37 AM
I've recently upgraded my PIX 535 cluster from 7.2 to 8.0.4(32). Since the upgrade we have been experiencing blocking sessions on one of our DB servers and associated performance issues. I have checked the logs but I cannot see a message to state that sql inspection is the cause. I would expect to see something like
%ASA-6-302014: Teardown TCP connection...Flow closed by inspection
I have since turned off sql inspection and the problem has not reappeared.
Is SQL inspection likely to be the cause here and if so why didn't I see the associated messages in the syslog which is set to record informational events?
Thanks
Paul
04-27-2010 11:53 AM
Hi Paul,
There was a bug regarding the same. When we upgrade to 8.0.4, the sqlnet traffic is disrupted and the syslogs seen at the time of issue are asfollows:
%ASA-6-302014: Teardown TCP connection...Flow closed by inspection
But as you mentioned, you do not get any such syslog. Can you enable the inspection again and collect the debugs as follows:
debug sqlnet 255
Also, please send me the following:
show tech
syslogs
show service-policy
debug sqlnet 255
Regards,
Ashu.
04-27-2010 04:11 PM
Not that you could be hitting defect "CSCta03382: SQLNET query via inspection cause communication errors".
ASA version 8.0.5 fixes it.
I hope it helps.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide