Cisco Support Community

New Member

ASA/FWSM: Abundance of SYN timeouts

Gentlemen,

Firewalling and FW forensics are not my primary area of expertise, so forgive my ignorance.

When browsing through the collected syslogs from our firewalls (FWSM/ASA), I'm seeing an abundance of SYN Timeouts. There's no specific pattern here, e.g. specific host or service, time of day etc. I can pick any day of the week and select a random host/service and simply search for the string "SYN" and I will almost surely get a significant number of hits.

Now, I'm not really looking for a solution, as we've pretty much ruled out the possibility of misconfiguration. We've gone through potential problems with regards to TCP-connections limitations, timeout values, routing etc. But nothing seems to be misconfigured.

So my question to you gentlemen is: Is what I'm seeing typical or even expected behaviour? Since my server- or application teams are not screaming their lungs out with "slow network", this apparently does not cause severe performance degradation. I'm just surprised by the volume of SYN timeouts, but then again, browsing through the FW-syslogs is not really part of my everyday work. Can something like this be the result of the fact that the volume of application traffic exceeds the capacity of the servers and that this is more a symptom of applications and/or server performance, rather than a network related issue?

Thanks

/Ulrich

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA/FWSM: Abundance of SYN timeouts

Hope you don't mind a gentlewoman's response.

SYN timeout syslogs are generated when the firewall doesn't receive a response for a SYN that it passed through. It appears that the server may be responding back with a SYN ACK late (after 20 seconds) or not at all.

If it responds late, then you would also see syslog 106015 messages.

-Kureli

New Member

ASA/FWSM: Abundance of SYN timeouts

Hi Kureli,

Don't mind a gentlewoman's reply at all.

I'll take another look at the syslog and see if the 106015-msg appears frequently as well.

Thanks for your reply

/Ulrich
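One way to run the check discussed in this thread, as an added example that is not part of the original posts: pair each "SYN Timeout" teardown with a later 106015 denial of a SYN ACK between the same endpoints, to separate late replies from no reply at all. The 302014 teardown message ID, the line layout and the sample lines are assumptions based on standard ASA syslog formatting; the sample is constructed and only IPv4 is handled.

```python
import re

# Constructed sample lines in ASA syslog layout (documentation address ranges).
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/40112 to inside:192.0.2.10/443 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/443 to 198.51.100.7/40112 flags SYN ACK  on interface inside
%ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.8/51500 to inside:192.0.2.20/25 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.9/33001 to inside:192.0.2.20/25 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302014: Teardown TCP connection 1004 for outside:198.51.100.9/33002 to inside:192.0.2.10/443 duration 0:01:12 bytes 5120 TCP FINs
"""

# Teardown of a connection that never completed the handshake.
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection \d+ for \S+?:(?P<src>[\d.]+)/(?P<sport>\d+)"
    r" to \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) .*SYN Timeout")
# SYN ACK that arrived after the firewall had already removed the connection.
LATE_REPLY = re.compile(
    r"106015: Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+)"
    r" to (?P<dst>[\d.]+)/(?P<dport>\d+) flags SYN ACK")


def endpoints(m):
    """Unordered endpoint pair, so matching works whichever side the log lists first."""
    return frozenset({(m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))})


def classify(log_text):
    """Split SYN Timeout teardowns into 'late' (a SYN ACK for the same endpoints
    was denied afterwards by 106015) and 'silent' (no such reply was logged)."""
    pending, late = [], []
    for line in log_text.splitlines():
        if (m := TEARDOWN.search(line)):
            pending.append(endpoints(m))
        elif (m := LATE_REPLY.search(line)):
            pair = endpoints(m)
            if pair in pending:
                pending.remove(pair)
                # The sender of the late SYN ACK is the slow responder.
                late.append((m["src"], int(m["sport"])))
    return {"late": late, "silent": pending}


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print("late SYN ACK from:", result["late"])
    print("no reply logged for", len(result["silent"]), "connection(s)")
```

A high share of "late" entries for one address points at a slow server, while "silent" entries mean no SYN ACK reached the firewall at all.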
