Our 3825 IOS firewall (v12.4T(23)) log buffer has been blowing up lately with the message:
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 10.x.x.x:2215 to <external address>:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]
The Output Interpreter says:
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE :Dropping packet
Explanation: The firewall has detected that a packet from the Responder to the
Initiator has the windows scaling option enabled but did not have the scaling option
in the SYN packet from the Initiator to the Responder. This is an error according
to RFC 1323.
Recommendation: Enable the window scaling option on both the Initiator and the
Responder or turn off window scaling on the Responder.
So I guess I'm wondering if there is something I need to adjust on the 3825, to at least stifle it from blowing up my syslog and consuming the log buffer? Or is this the IOS firewall working as it should? Logging buffered is set to warnings. I guess I could up it to errors but I'd prefer warnings since this is our firewall.