We recently received complaints from our customer regarding transfer speed. Upon troubleshooting, we noticed that packet were received out of order when doing a packet capture on the FWSM. FYI, we have already enabled np-completion unit and also disable random sequence number.
Could this be related to FWSM? Also, end user advised that transfer speed using fallback LAN is about 10x faster.
capture cap-in type raw-data access-list test packet-length 128 interface c16lobby[Buffer Full - 524264 bytes] capture cap-out type raw-data access-list test packet-length 128 interface c16loadbal[Buffer Full - 524264 bytes]
FWSM# sh service-
Global policy: Service-policy: global_policy Class-map: inspection_default Inspect: dns maximum-length 512, packet 1017412418, drop 1902569, reset-drop 0 Inspect: ftp, packet 9790919, drop 16, reset-drop 0 Inspect: h323 h225, packet 0, drop 0, reset-drop 0 Inspect: h323 ras, packet 0, drop 0, reset-drop 0 Inspect: netbios, packet 82, drop 0, reset-drop 0 Inspect: rsh, packet 0, drop 0, reset-drop 0 Inspect: skinny, packet 24725, drop 7524, reset-drop 0 Inspect: sunrpc, packet 39065430, drop 6149, reset-drop 0 Inspect: tftp, packet 0, drop 0, reset-drop 0 Inspect: sip, packet 0, drop 0, reset-drop 0 Inspect: xdmcp, packet 0, drop 0, reset-drop 0 Class-map: TCP Set connection policy: random-sequence-number disable
Class-map: class-default Set connection policy: random-sequence-number disable
Set connection timeout policy: half-closed 0:00:20
FWSM# sh run sysopt no sysopt connection timewait sysopt connection tcpmss 1460 sysopt connection tcpmss minimum 0 no sysopt nodnsalias inbound no sysopt nodnsalias outbound no sysopt radius ignore-secret no sysopt uauth allow-http-cache sysopt np completion-unit sysopt connection tcp window-scale sysopt connection tcp sack-permitted
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...