This is a vague question but I guess I need to start somewhere.
In a smaller sized environment, I see the following counters on a 5510 w/ a CSC module...
Frame drop:
SVC Module does not have a session (mp-svc-no-session) 1
Unsupported IP version (unsupported-ip-version) 1
No route to host (no-route) 223
Reverse-path verify failed (rpf-violated) 88
Flow is denied by configured rule (acl-drop) 73233
First TCP packet not SYN (tcp-not-syn) 44862
TCP failed 3 way handshake (tcp-3whs-failed) 8883
TCP RST/FIN out of order (tcp-rstfin-ooo) 34487
TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 1
TCP packet SEQ past window (tcp-seq-past-win) 348
TCP invalid ACK (tcp-invalid-ack) 4
TCP ACK in 3 way handshake invalid (tcp-discarded-ooo) 1
TCP RST/SYN in window (tcp-rst-syn-in-win) 40
TCP packet failed PAWS test (tcp-paws-fail) 717
Output QoS rate exceeded (rate-exceeded) 33810
Early security checks failed (security-failed) 44
Slowpath security checks failed (sp-security-failed) 39152
ICMP Error Inspect no existing conn (inspect-icmp-error-no-existing-conn) 67
DNS Inspect invalid packet (inspect-dns-invalid-pak) 1
DNS Inspect invalid domain label (inspect-dns-invalid-domain-label) 1
DNS Inspect id not matched (inspect-dns-id-not-matched) 107
FP L2 rule drop (l2_acl) 138157
Packet shunned (shunned) 329
Dropped pending packets in a closed socket (np-socket-closed) 349
Invalid ASDP packet received from SSM card (ssm-asdp-invalid) 2
Service module is down (ssm-app-fail) 71
Inspection failure (inspect-fail) 2050
DTLS hello processed and closed (dtls-hello-close) 3
Last clearing: 10:24:52 CDT Jul 30 2013 by root
I'm bothered by the sp-security failed and first not syn counters particularly. Do these values look normal?
Thank you
