Solved: HTTP inspection problem

zenon_electronics · ‎02-16-2009

Hi, I have configured IOS Zone Based Firewall on my office 871 router.

I've made an inspection rules for http, https, icmp and dns for in-out zone. Often I can see in router log the message:

%APPFW-3-HTTP_MAX_REQ_EXCEEDED : Number of unanswered HTTP requests exceeded the limit 10.

I guess this is becouse there are about 7 people working simultaneously and some of them use skype, witch probably makes unanswered sessions.

However, i want to ask, is there some way to change the limit of 10 unanswered request?

Thanks in advance!

sadsiddi · ‎02-21-2009

The limit is raised to 64 in 12.4(20)T.You can give a try with that.

View solution in original post

ivillegas · ‎02-20-2009

This error message means firewall sees 10 outstanding requests without any reply over a single TCP connection. Normally this shouldn't happen unless you have huge delay in the network or the HTTP server is very slow in responding to the request.

zenon_electronics · ‎02-20-2009

Thanks for reply!

I understand what the error message means, but I don't know how to prevent it.

I'm sure that it's NOT from the network delay or internet connection speed (ADSL - 12Mb/s).

I need to increase the limit number of 10 unopened connections. Is this possible?

Thanks!

sadsiddi · ‎02-20-2009

What version of IOS do you use now?

zenon_electronics · ‎02-21-2009

my version of IOS is 12.4(15)T with Advanced Ip services, and i've configured a Zone-Based-Firewall

sadsiddi · ‎02-21-2009

The limit is raised to 64 in 12.4(20)T.You can give a try with that.

zenon_electronics · ‎02-21-2009

Thank you very much, I'll try it next week and i hope that will helps me..

Henry Gonzales · ‎02-04-2016

Hi,

I also have the some problem.

I have: c1841-advsecurityk9-mz.124-4.T7.bin - Version 12.4(4)T7

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

I have to upgrade IOS?

Thanks in advance!