I have seen the following message on FWSM 2.3(4).
%FWSM-4-209003: Fragment database limit of 200 exceeded: src = xxx.xxx.xxx.xxx, dest = yyy.yyy.yyy.yyy, proto = tcp, id = 19923
xxx.xxx.xxx.xxx is the client
yyy.yyy.yyy.yyy is the web server
The following is the explanation of this message found on CCO.
%FWSM-4-209003: Fragment database limit of number exceeded: src = IP_address,dest = IP_address, proto = protocol, id = number
Too many IP fragments are currently awaiting reassembly. By default, the maximum number of fragments is 200.
The module limits the number of IP fragments that can be concurrently reassembled. This restriction prevents memory depletion at the module under abnormal network conditions.
The MTU setting on the FWSM is:
mtu outside 1500
mtu inside 1500
So my personal understanding is that the FWSM does not perform packet assembly/reassembly when the inside MTU and outside MTU are the same value.
However, %FWSM-4-209003 means "By default, the maximum number of fragments is 200. The module limits the number of IP fragments that can be concurrently reassembled."
I am confused about whether the FWSM performs packet reassembly even if the inside MTU and outside MTU sizes are the same value (in this case, 1500 bytes).
I understand that the "fragment" command on the FWSM provides the Frag Guard/IP fragment protection feature, that it uses the fragment database, and that the "fragment size" command configures the size of the fragment database.
So I think that "reassemble" on the FWSM just means reassembling packets in the fragment database to inspect them for Frag Guard, not reassembling real user traffic.
Is my understanding correct?
Your information would be appreciated.
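Added example, not part of the original post and not Cisco code: a small Python parser for the %FWSM-4-209003 format quoted above that tallies which source/destination pairs are exhausting the fragment database. The function names and the sample log lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Field layout follows the message format quoted in the post; the space after
# "src = ...," is optional because the two quoted forms differ on it.
MSG_209003 = re.compile(
    r"%FWSM-4-209003: Fragment database limit of (?P<limit>\d+) exceeded: "
    r"src = (?P<src>[^,\s]+),\s*dest = (?P<dest>[^,\s]+),\s*"
    r"proto = (?P<proto>\w+),\s*id = (?P<ip_id>\d+)"
)

def parse_209003(line):
    """Return the fields of one 209003 message as a dict, or None."""
    m = MSG_209003.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["limit"] = int(rec["limit"])
    rec["ip_id"] = int(rec["ip_id"])
    return rec

def summarize(lines):
    """Per (src, dest, proto): event count and number of distinct IP IDs."""
    events = Counter()
    ip_ids = defaultdict(set)
    for line in lines:
        rec = parse_209003(line)
        if rec is None:
            continue  # not a 209003 message
        key = (rec["src"], rec["dest"], rec["proto"])
        events[key] += 1
        ip_ids[key].add(rec["ip_id"])
    # Busiest pairs first; ties keep first-seen order.
    return [(key, n, len(ip_ids[key])) for key, n in events.most_common()]

# Constructed sample lines (not taken from the post).
SAMPLE = [
    "%FWSM-4-209003: Fragment database limit of 200 exceeded: src = 192.0.2.10, dest = 198.51.100.5, proto = tcp, id = 19923",
    "%FWSM-4-209003: Fragment database limit of 200 exceeded: src = 192.0.2.10, dest = 198.51.100.5, proto = tcp, id = 19924",
    "%FWSM-4-209003: Fragment database limit of 200 exceeded: src = 192.0.2.77,dest = 198.51.100.5, proto = udp, id = 411",
    "some unrelated syslog line",
]

if __name__ == "__main__":
    for (src, dest, proto), count, distinct in summarize(SAMPLE):
        print(f"{src} -> {dest} {proto}: {count} events, {distinct} distinct IP IDs")
```

Many distinct IP IDs from one source indicate many separate datagrams with fragments outstanding, which helps separate a single oversized transfer from a source that is persistently sending fragmented traffic.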