Sqlnet Inspection

Unanswered Question
Apr 27th, 2010

I've recently upgraded my PIX 535 cluster from 7.2 to 8.0.4(32). Since the upgrade we have been experiencing blocking sessions on one of our DB servers and associated performance issues. I have checked the logs but I cannot see a message to state that sql inspection is the cause. I would expect to see something like


%ASA-6-302014: Teardown TCP connection...Flow closed by inspection


I have since turned off sql inspection and the problem has not reappeared.


Is SQL inspection likely to be the cause here and if so why didn't I see the associated messages in the syslog which is set to record informational events?



Thanks

Paul

astripat Tue, 04/27/2010 - 11:53

Hi Paul,


There was a bug regarding the same. When we upgrade to 8.0.4, the sqlnet traffic is disrupted and the syslogs seen at the time of issue are as follows:


%ASA-6-302014: Teardown TCP connection...Flow closed by inspection


But as you mentioned, you do not get any such syslog. Can you enable the inspection again and collect the debugs as follows:

debug sqlnet 255

Also, please send me the following:

show tech
syslogs
show service-policy
debug sqlnet 255


Regards,

Ashu.
Panos Kampanakis Tue, 04/27/2010 - 16:11

Note that you could be hitting defect "CSCta03382: SQLNET query via inspection cause communication errors".

ASA version 8.0.5 fixes it.


I hope it helps.


PK
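
The syslog check discussed in this thread, as an added example that is not part of any post above: it tallies the teardown reasons on 302014 messages for SQL*Net flows, so it is easy to see whether any were closed by inspection or whether they ended for other reasons. It assumes the syslog has been exported as text and that the database listener is on the default port 1521; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (addresses and connection ids are made up).
SAMPLE = """\
Apr 27 2010 11:02:13: %ASA-6-302014: Teardown TCP connection 88101 for outside:192.0.2.10/40112 to inside:10.0.0.5/1521 duration 0:00:07 bytes 5120 Flow closed by inspection
Apr 27 2010 11:02:19: %ASA-6-302014: Teardown TCP connection 88102 for outside:192.0.2.11/40377 to inside:10.0.0.5/1521 duration 0:12:41 bytes 901223 TCP FINs
Apr 27 2010 11:03:02: %ASA-6-302014: Teardown TCP connection 88103 for outside:192.0.2.12/51533 to inside:10.0.0.9/443 duration 0:00:01 bytes 310 TCP Reset-O
Apr 27 2010 11:03:40: %ASA-6-302014: Teardown TCP connection 88104 for outside:192.0.2.10/40119 to inside:10.0.0.5/1521 duration 1:00:00 bytes 77 Connection timeout
"""

# Accept either the %ASA- or %PIX- prefix; the trailing text is the teardown reason.
TEARDOWN = re.compile(
    r"%(?:ASA|PIX)-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

def parse_teardowns(text, port=1521):
    """Return one dict per 302014 teardown where either endpoint uses `port`."""
    flows = []
    for line in text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue
        flow = m.groupdict()
        if port in (int(flow["src_port"]), int(flow["dst_port"])):
            flow["reason"] = flow["reason"].strip() or "(no reason logged)"
            flows.append(flow)
    return flows

def reason_counts(text, port=1521):
    """Count teardown reasons for flows on the SQL*Net port."""
    return Counter(f["reason"] for f in parse_teardowns(text, port))

def closed_by_inspection(text, port=1521):
    """Connection ids of SQL*Net flows the inspection engine tore down."""
    return [f["id"] for f in parse_teardowns(text, port)
            if f["reason"].lower().startswith("flow closed by inspection")]

if __name__ == "__main__":
    for reason, n in reason_counts(SAMPLE).most_common():
        print(f"{n:4d}  {reason}")
    print("closed by inspection:", closed_by_inspection(SAMPLE))
```

An empty result from `closed_by_inspection` over the problem window matches what the original poster reported: the flows were disrupted without that teardown reason being logged.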
