When an attempt is made to access the Internet through the Cisco 3825 router, the "%FW-4-ALERT_ON" error message appears


Jun 22, 2009 6:07 PM

Core issue

  The %FW-4-ALERT_ON error message occurs in these scenarios:

  • When the number of half-open connections has dropped below the low threshold

  • When the new connection initiation rate has dropped below the low threshold

Resolution

To resolve this problem, perform these steps:

  1. Issue these commands on the router:
           
  2. Carefully go through the output of the commands and note these points:
       
    1. An unusually high number of half-open sessions can indicate the occurrence of a denial-of-service attack.

    2. For TCP, half-open means that the session has not reached the established state. For User Datagram Protocol (UDP), half-open means that the firewall has detected traffic from only one direction.

    3. When the number of existing half-open sessions rises above a threshold (the max-incomplete high number), the software deletes half-open sessions as necessary to accommodate new connection requests. The software continues to delete half-open sessions as necessary, until the number of existing half-open sessions drops below another threshold (the max-incomplete low number).

    4. View the current max-incomplete low/high thresholds set. If the threshold is low, issue the ip inspect max-incomplete high command in global configuration mode to raise the number of existing half-open sessions. This action causes the software to delete half-open sessions.
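
The threshold behaviour in points 3 and 4 can be tried offline with the following added example, which is not part of the original document or Cisco code. It assumes a simplified model in which, once the half-open count rises above the high value, each new request evicts the oldest half-open session until the count drops below the low value; the function name, event format and threshold values are constructed for illustration.

```python
from collections import deque

def simulate(high, low, events):
    """Replay (action, session_id) events against a simplified half-open table.

    Assumed model: once the count rises above `high`, every new request evicts
    the oldest half-open session, until the count drops below `low`.
    """
    if low > high:
        raise ValueError("low threshold must not exceed high threshold")
    table = deque()        # half-open session ids, oldest first
    deleting = False       # True while the firewall is evicting sessions
    result = {"transitions": [], "deleted": 0, "lost": 0}

    for tick, (action, sid) in enumerate(events):
        if action == "open":              # new connection request
            if deleting and table:
                table.popleft()           # evict oldest half-open session
                result["deleted"] += 1
            table.append(sid)
        elif action == "done":            # handshake completes (established)
            if sid in table:
                table.remove(sid)
            else:
                result["lost"] += 1       # session was already evicted
        else:
            raise ValueError(f"unknown action: {action!r}")

        count = len(table)
        if not deleting and count > high:
            deleting = True
            result["transitions"].append((tick, "enter", count))
        elif deleting and count < low:
            deleting = False
            result["transitions"].append((tick, "leave", count))

    result["half_open"] = len(table)
    return result

# Constructed sample: 14 requests arrive before any completes, five slow
# sessions then finish, and one more request arrives afterwards.
EVENTS = ([("open", i) for i in range(14)]
          + [("done", i) for i in (0, 3, 4, 5, 6)]
          + [("open", 14)])

if __name__ == "__main__":
    for high, low in ((10, 8), (20, 16)):   # constructed threshold pairs
        print(f"high={high} low={low} ->", simulate(high, low, EVENTS))
```

With the lower pair, three sessions are evicted and one slow but legitimate session fails to complete; with the higher pair the same traffic passes untouched, which is the effect of raising the high threshold in point 4.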
       

For more information, refer to the FW Messages section of the 12.3 T System Message Guide.

Problem Type

Connectivity through the device

Product Family

Routers
