×

Error message

  • Unable to create CTools CSS cache directory. Check the permissions on your files directory.
  • Unable to create CTools CSS cache directory. Check the permissions on your files directory.

UC560- firewall errors and CPU spikes causing voice issues

Answered Question
May 12th, 2010
User Badges:
  • Bronze, 100 points or more

We are trying to work with a customer's IT support staff as something on their data network keeps pounding away at the firewall and is casuign the voice quality on live calls as well as playbakc to messages to be garbled and choppy.


It's a UC560 w/ a 48 port POE ESW. Their data switch is connected to the ESW to get access to the internet over Cbeyond SIP.

When they report voice issues, we check the CPU on the UC560 and it's HIGH. When we  We see multiple requests to the firewall at a time from specific IP.s When we disconnect the data switch from the ESW, issues go away and CPU goes back down.


How can I prove to the IT folks they need to resolve a workstation issue?  What does this firewall message tell us?

%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected -  HTTP Protocol not detected from 192.168.111.118:1798 to 216.155.137.153:80


help. customer is mad at the phone system and wants us to take it out.


Stacy

Correct Answer by Marcos Hernandez about 7 years 1 month ago

I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.


Thanks,


Marcos

Correct Answer by David Trad about 7 years 1 month ago

Hi Stacey,


Have you checked your firewall rules? Are they set too high?


If I am not mistaken that error comes up when the HTTP packet is checked/inspected and if doesnt conform to standards the firewall will have a massive tantrum over it.


I would also question what that workstation is doing, what they are browsing on it as well.


You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.


Maybe the other Cisco techs can advise on how to turn down the firewall huerestics to not be so agressive maybe?



Cheers,



David.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
David Trad Wed, 05/12/2010 - 23:53
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Hi Stacey,


Have you checked your firewall rules? Are they set too high?


If I am not mistaken that error comes up when the HTTP packet is checked/inspected and if doesnt conform to standards the firewall will have a massive tantrum over it.


I would also question what that workstation is doing, what they are browsing on it as well.


You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.


Maybe the other Cisco techs can advise on how to turn down the firewall huerestics to not be so agressive maybe?



Cheers,



David.

Correct Answer
Marcos Hernandez Sun, 05/16/2010 - 07:13
User Badges:
  • Blue, 1500 points or more

I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.


Thanks,


Marcos

stacy.thompson Mon, 05/17/2010 - 08:41
User Badges:
  • Bronze, 100 points or more

Thank you all for your responses. Marcos, that info is particularly helpful in our discussions with the client. and yes, we think we've found a PC with a ton of malware.


Stacy