Hi All,

I'm experiencing similar issue.

I have an FWSM which originally run version 2.3(3). It is configured in multiple context mode. One of the contexts passes SQL*Net traffic (TCP port 1521).

Recently I upgraded the FWSM to 3.1(8). The end-user started to complain that their backup application (using SQL) took 12 hours to complete compared to 2 hours previously before the FWSM upgrade.

Comparing the "timeout" commands of both 2.3 and 3.1, I notice they are the same, as follows:

FWSM 2.3(3)

-----------

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

FWSM 3.1(8)

-----------

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

I have the following application inspection configs:

!

class-map class_sip_tcp

match port tcp eq sip

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect skinny

inspect smtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect xdmcp

class class_sip_tcp

inspect sip

!

The client is located at other parts of the network. The SQL server is located behind this FWSM context. Capturing packet trace on the client VLAN reveals many of the following messages:

[TCP Dup ACK...]

[TCP Retransmission...]

[TCP Out-Of-Order] [Continuation to #...]

[TCP ACKed lost segment]

Can anyone advise what's wrong with the FWSM? I can't find Release Notes of 3.1(8). Going through Release Notes of 3.1(9), I don't find any SQL-related issues.

Please help.

Thank you.

B.Rgds,

Lim TS