- Bronze, 100 points or more
We are trying to work with a customer's IT support staff as something on their data network keeps pounding away at the firewall and is casuign the voice quality on live calls as well as playbakc to messages to be garbled and choppy.
It's a UC560 w/ a 48 port POE ESW. Their data switch is connected to the ESW to get access to the internet over Cbeyond SIP.
When they report voice issues, we check the CPU on the UC560 and it's HIGH. When we We see multiple requests to the firewall at a time from specific IP.s When we disconnect the data switch from the ESW, issues go away and CPU goes back down.
How can I prove to the IT folks they need to resolve a workstation issue? What does this firewall message tell us?
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 192.168.111.118:1798 to 22.214.171.124:80
help. customer is mad at the phone system and wants us to take it out.
I did a query in the TAC case database and almost in every case that matched your problem, the issue was resolved by quarantining a single host that was causing the high CPU due to a virus or other OS issues. I would tell the customer that Cisco has confirmed a precedent exists and that they should look at isolating their PC problem.
Have you checked your firewall rules? Are they set too high?
If I am not mistaken that error comes up when the HTTP packet is checked/inspected and if doesnt conform to standards the firewall will have a massive tantrum over it.
I would also question what that workstation is doing, what they are browsing on it as well.
You really need to insist to the client that they isolate the PC on that IP address, take it off the network and have it fully inspected to ensure there is no Malware on it which could be causing some unwanted issues.
Maybe the other Cisco techs can advise on how to turn down the firewall huerestics to not be so agressive maybe?