Sqlnet Inspection

Apr 27th, 2010

I've recently upgraded my PIX 535 cluster from 7.2 to 8.0.4(32). Since the upgrade we have been experiencing blocking sessions on one of our DB servers and associated performance issues. I have checked the logs but I cannot see a message to state that sql inspection is the cause. I would expect to see something like

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

I have since turned off sql inspection and the problem has not reappeared.

Is SQL inspection likely to be the cause here and if so why didn't I see the associated messages in the syslog which is set to record informational events?



astripat Tue, 04/27/2010 - 11:53

Hi Paul,

There was a bug regarding the same. When we upgrade to 8.0.4, the sqlnet traffic is disrupted and the syslogs seen at the time of issue are as follows:

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

But as you mentioned, you do not get any such syslog. Can you enable the inspection again and collect the debugs as follows:

debug sqlnet 255

Also, please send me the following:

show tech
show service-policy
debug sqlnet 255


Panos Kampanakis Tue, 04/27/2010 - 16:11
User Badges:
  • Cisco Employee,

Note that you could be hitting defect "CSCta03382: SQLNET query via inspection cause communication errors".

ASA version 8.0.5 fixes it.

I hope it helps.


