03-31-2010 01:49 PM - edited 03-11-2019 10:27 AM
We have a PIX 525 running 7.2(2). Recently, without any network changes, one particular webserver in the DMZ network became unreachable. Other webservers in that same network can be reached as normal. In doing packet captures both inside and in the dmz, it looks like the page request goes out and the page comes back and gets as far as the dmz interface. In packet captures on the inside network, an ACK is received from the server for the page request, and that's the last thing received on that session. Subsequent attempts seem normal until that point, too.
We have a standby PIX and we've tried doing a failover to that, and that device is showing the same behavior.
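The capture comparison the original poster describes (reply seen on the dmz capture but never on the inside capture) can be automated once the captures are reduced to per-packet records. This is an added example, not code from the thread; the interface names, addresses and packet records below are constructed, and the record format is an assumption.

```python
# Added example: correlate captures from two PIX interfaces and report TCP flows
# whose server data was seen on the upstream (dmz) side but never on the
# downstream (inside) side. Records are constructed here, not from a real capture.
from collections import defaultdict

# Record format (assumed): (interface, src, sport, dst, dport, tcp_flags, payload_len)
CAPTURE = [
    # Flow 1: 10.1.1.10 -> 192.168.5.20:80. The GET is ACKed on both sides,
    # but the page itself (1460 bytes) appears only on dmz.
    ("inside", "10.1.1.10", 40001, "192.168.5.20", 80, "S", 0),
    ("dmz",    "10.1.1.10", 40001, "192.168.5.20", 80, "S", 0),
    ("dmz",    "192.168.5.20", 80, "10.1.1.10", 40001, "SA", 0),
    ("inside", "192.168.5.20", 80, "10.1.1.10", 40001, "SA", 0),
    ("inside", "10.1.1.10", 40001, "192.168.5.20", 80, "PA", 120),
    ("dmz",    "10.1.1.10", 40001, "192.168.5.20", 80, "PA", 120),
    ("dmz",    "192.168.5.20", 80, "10.1.1.10", 40001, "A", 0),
    ("inside", "192.168.5.20", 80, "10.1.1.10", 40001, "A", 0),
    ("dmz",    "192.168.5.20", 80, "10.1.1.10", 40001, "PA", 1460),
    # Flow 2: 10.1.1.11 -> 192.168.5.21:80, healthy server, page seen on both sides.
    ("dmz",    "192.168.5.21", 80, "10.1.1.11", 40002, "PA", 800),
    ("inside", "192.168.5.21", 80, "10.1.1.11", 40002, "PA", 800),
]

def flow_key(rec):
    """Normalise both directions of a flow to (client, cport, server, sport)."""
    _, src, sport, dst, dport, _, _ = rec
    return (src, sport, dst, dport) if dport == 80 else (dst, dport, src, sport)

def server_data_by_interface(records):
    """Map each flow to the set of interfaces where server-to-client payload was captured."""
    seen = defaultdict(set)
    for rec in records:
        iface, src, _, _, _, _, plen = rec
        key = flow_key(rec)
        if src == key[2] and plen > 0:      # packet came from the server and carried data
            seen[key].add(iface)
    return seen

def find_dropped_replies(records, upstream="dmz", downstream="inside"):
    """Flows whose server data crossed `upstream` but never showed up on `downstream`."""
    seen = server_data_by_interface(records)
    return sorted(k for k, ifaces in seen.items()
                  if upstream in ifaces and downstream not in ifaces)

def last_server_flags(records, iface, key):
    """TCP flags of the last server-to-client packet captured on `iface` for this flow."""
    flags = [r[5] for r in records if r[0] == iface and flow_key(r) == key and r[1] == key[2]]
    return flags[-1] if flags else None
```

For the constructed data the first flow is reported and the last server packet seen on inside is the bare ACK, matching the symptom in the post.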
03-31-2010 02:24 PM
From your description it sounds like an issue with the webserver rather than a firewall issue, given your indication that other webservers in the same DMZ network have no problems. Have you looked at the app event logs etc. from the server itself to rule out any issues with it before moving on to looking at other possibilities?
Regards
04-01-2010 05:30 AM
That's what I thought at first, but packet captures show a normal response up until the dmz interface of the PIX. The inside interface captures (and I'm assuming the outside interface, too) show no response after the ACK to the page request.
04-01-2010 09:35 AM
When you say the server is unreachable, what is the server supposed to be responding on, port 80? And what sources are connecting to it, inside or outside?
Can you post packet trace accessing DMZ server from inside ?
packet-tracer input inside tcp
[edit]
Also please make sure to rule out any physical issues; look at all physical interfaces' transmission, from the server side and the DMZ interface as well, to make sure there are no packet drops.
Regards