cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

1219
Views
0
Helpful
3
Replies
stacy.thompson
Participant

UC560- firewall errors and CPU spikes causing voice issues

We are trying to work with a customer's IT support staff as something on their data network keeps pounding away at the firewall and is casuign the voice quality on live calls as well as playbakc to messages to be garbled and choppy.

It's a UC560 w/ a 48 port POE ESW. Their data switch is connected to the ESW to get access to the internet over Cbeyond SIP.

When they report voice issues, we check the CPU on the UC560 and it's HIGH. When we  We see multiple requests to the firewall at a time from specific IP.s When we disconnect the data switch from the ESW, issues go away and CPU goes back down.

How can I prove to the IT folks they need to resolve a workstation issue?  What does this firewall message tell us?

%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected -  HTTP Protocol not detected from 192.168.111.118:1798 to 216.155.137.153:80

help. customer is mad at the phone system and wants us to take it out.

Stacy

2 ACCEPTED SOLUTIONS

Accepted Solutions
David Trad
Rising star

Hi Stacey,

Have you checked your firewall rules? Are they set too high?

If I am not mistaken that error comes up when the HTTP packet is checked/inspected and if doesnt conform to standards the firewall will have a massive tantrum over it.

I would also question what that workstation is doing, what they are browsing on it as well.

You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.

Maybe the other Cisco techs can advise on how to turn down the firewall huerestics to not be so agressive maybe?

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

View solution in original post

I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.

Thanks,


Marcos

View solution in original post

3 REPLIES 3
David Trad
Rising star

Hi Stacey,

Have you checked your firewall rules? Are they set too high?

If I am not mistaken that error comes up when the HTTP packet is checked/inspected and if doesnt conform to standards the firewall will have a massive tantrum over it.

I would also question what that workstation is doing, what they are browsing on it as well.

You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.

Maybe the other Cisco techs can advise on how to turn down the firewall huerestics to not be so agressive maybe?

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

View solution in original post

I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.

Thanks,


Marcos

View solution in original post

Thank you all for your responses. Marcos, that info is particularly helpful in our discussions with the client. and yes, we think we've found a PC with a ton of malware.

Stacy