Seeing errors & FIFO Overruns on the ASA-SSM-10

Unanswered Question
Aug 3rd, 2007
User Badges:


A few of my customers are utilizing ASA-SSM-10 module running under ASA5510/20 hardware. The FW?s is part of the Failover configuration.

The module is running in "promiscuous fail-open" mode and the class-map for the IPS is applied as global_policy with access-list monitoring all the interfaces and all protocols.

In two independent cases, we are seeing errors on the Sensing interface GigabitEthernet0/1

Total Receive Errors = 772089

Total Receive FIFO Overruns = 3832

I've already verified speed/duplex settings on the FW side and I don't see any errors that would probably be causing this behavior. The bandwidth on the all interfaces is also nowhere close to the rated 150Mbps/s inspection.

Here is the scenario:

Client1 - HA

ASA 5510 Adaptive Security Appliance v7.2(2)19

ASA 5500 Series Security Services Module-10 v5.1(6)E1

Client2 - HA

ASA 5520 Adaptive Security Appliance v7.2(2)10

ASA 5500 Series Security Services Module-10 v5.1(6)E1

Wondering if anyone has seen the behavior in their environment and what might be causing it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion