05-12-2010 03:00 PM - last edited on 03-25-2019 10:50 PM by ciscomoderator
We are trying to work with a customer's IT support staff as something on their data network keeps pounding away at the firewall and is causing the voice quality on live calls as well as playback of messages to be garbled and choppy.
It's a UC560 w/ a 48 port POE ESW. Their data switch is connected to the ESW to get access to the internet over Cbeyond SIP.
When they report voice issues, we check the CPU on the UC560 and it's HIGH. We see multiple requests to the firewall at a time from specific IPs. When we disconnect the data switch from the ESW, issues go away and CPU goes back down.
How can I prove to the IT folks they need to resolve a workstation issue? What does this firewall message tell us?
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1798 to 216.155.137.153:80
Help. Customer is mad at the phone system and wants us to take it out.
Stacy
05-12-2010 11:53 PM
Hi Stacy,
Have you checked your firewall rules? Are they set too high?
If I am not mistaken, that error comes up when the HTTP packet is checked/inspected, and if it doesn't conform to standards the firewall will have a massive tantrum over it.
I would also question what that workstation is doing, what they are browsing on it as well.
You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.
Maybe the other Cisco techs can advise on how to turn down the firewall heuristics to not be so aggressive maybe?
Cheers,
David.
05-16-2010 07:13 AM
I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.
Thanks,
Marcos
05-17-2010 08:41 AM
Thank you all for your responses. Marcos, that info is particularly helpful in our discussions with the client. And yes, we think we've found a PC with a ton of malware.
Stacy
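One way to turn the firewall messages discussed in this thread into evidence for the customer's IT staff, as an added example that is not part of the original posts: tally the %APPFW-4-HTTP_STRICT_PROTOCOL lines by source address to show which workstation generates them. The sample log is constructed (only its first line is the message quoted in the question), and the function name summarize is an assumption.

```python
import re
from collections import Counter, defaultdict

# Matches the message format quoted in the thread; search() tolerates any
# timestamp or sequence-number prefix the router puts in front of it.
APPFW_RE = re.compile(
    r"%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:(?P<sig>\d+) .*? from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

# Constructed sample. Line 1 is the message from the thread; the other
# lines and their addresses are invented for illustration.
SAMPLE_LOG = """\
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1798 to 216.155.137.153:80
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1799 to 203.0.113.10:80
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1801 to 198.51.100.7:80
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1802 to 216.155.137.153:80
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.42:2250 to 203.0.113.10:80
%SYS-5-CONFIG_I: Configured from console by console
"""


def summarize(log_text):
    """Return [(src_ip, violations, distinct_destinations, share)] by count, descending."""
    hits = Counter()
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = APPFW_RE.search(line)
        if not m:
            continue  # unrelated syslog message, skip it
        hits[m["src"]] += 1
        dests[m["src"]].add((m["dst"], m["dport"]))
    total = sum(hits.values())
    return [
        (src, n, len(dests[src]), round(n / total, 2))
        for src, n in hits.most_common()
    ]


if __name__ == "__main__":
    print(f"{'source':<18}{'violations':>11}{'dests':>7}{'share':>7}")
    for src, n, ndst, share in summarize(SAMPLE_LOG):
        print(f"{src:<18}{n:>11}{ndst:>7}{share:>7.0%}")
```

A single internal address holding most of the violations, as in the constructed sample, is the host to pull off the network and inspect.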