Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
3
Replies

C1861 & ZBF / Download issues

nickrourke
Level 1
Level 1

‎05-02-2011 11:27 AM - edited ‎03-04-2019 12:14 PM

Hi All,

having a very strange problem with a Cisco 1861 running - Cisco IOS Software, C1861 Software (C1861-ADVENTERPRISEK9-M), Version 12.4(24)T5

The issue  -

I  have suddenly started to get performance issues with downloads and  access through the ZBF. Without the firewall enabled and just having NAT  enabled and routing  , downloads perform as expected - ( have been  using Itunes download as test file ) - with the ZBF enabled , and the  necessary rules installed to inspect & allow traffic - downloads  stall - and the only way to get the downlaod to start again is to pause ,  then resume. The stalls are anything between the first 25 - 120 secs.

I  have debugged and performed packet traces - but cant see anything  untoward. I have also placed another router ( just a cheap Belkin )  on  the ADSL service and again , the downloads work as expected.

one  further thing to add is that when im tunneling through the firewall (  VPN ) , then downloads do work as expected - suggesting that the issue  is with native HTTP(s) traffic......

I  have upgraded from T4 to T5 - and the symptons still remain - I am  thinking that these may have been introduced when i upgraded to T4 a few  monthes ago.

any help would be gratefully appreicated.....

cheers

Nick

Labels:
0 Helpful
3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

‎05-02-2011 11:38 AM

It is known that IOS "firewall" has major performance issues. Just remove it, it's useless anyway.

0 Helpful

Michael Dougherty
Level 1
Level 1
In response to paolo bevilacqua

‎07-11-2011 04:58 PM

Greetings All,

I have a client that is using a 2801 with ZBF and they are having a similar issue.  A file larger then 20Mb will start off downloading and with in 10-40 seconds you can see the transfer rate just tumble in to self termination after a time.  There was mention of a known issue has there been a fix yet or work around?  15.x??

Cheers,

Mike

0 Helpful

Rozsa Illes
Cisco Employee
Cisco Employee
In response to Michael Dougherty

‎07-12-2011 12:45 AM

Hello Nick, Michael,

If you try removing HTTP inspection and use only TCP inspection, is it the same?

I know that there were some issues with HTTP inspection with ZBF due to out of order packets. There was also a bug opened for a performance issue on ZBF and HTTP: CSCta95621 which is indeed fixed in 15.0M.

If you need ZBF, it might be worth trying either TCP inspection or an upgrade.

Warm Regards,

Rose

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card