FWSM 4.1, closes all connections.

andrea.meconi · ‎04-27-2010

My customer reports a FWSM issue.

When he modifies an ACL, adding or removing an entry, the FWSM closes all TCP connections regarding or not the entry.

Any idea?

Thanks.

Panos Kampanakis · ‎04-27-2010

It does not make sense to close all conns.

When changing an ACL there will be a CPU spike but we should not close all conns.

Check if the issue is due to the CPU.

Also you could check the logs to see if conns are torn due and the teardown reason.

I hope it helps.

PK

andrea.meconi · ‎04-27-2010

Many thanks for your help.

Can you suggest how to determine if this issue is due to the CPU?

Regards.

Andrea

Panos Kampanakis · ‎04-28-2010

I would make sure I know if the conns are torn down when I see the "outage" (I don't think that is the case).What I would check is if conns are torn down, why they are torn down. You can check syslogs for that.

I don't think they are torn down, there might be some slowness if the CPU spikes for some time and you cpu stays high.

Then I would try to correlate the "outage" with the event. Packet captures using the capture command for a host that is experiencing the outage would also help you to see what is happening with the packets of a conn that "breaks".

I hope it helps.

PK