Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
210
Views
0
Helpful
1
Replies

IOS Firewall 2620 major internet slowdown

Aaron D
Level 1
Level 1

‎02-19-2003 12:40 PM - edited ‎03-09-2019 02:09 AM

Have T1 to internet. When enabling the firewall the performance slows to a crawl. When removed, we are fine. Any ideas? No http inspection already saw that issue.

thanks

Aaron

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎02-20-2003 08:30 PM

How many sessions do you have going thru this box? What does a "sho ip inspect stat" command show. If you're plugged into the console when you enable it, do you see a "getting aggressive" message appear, this indicates that the router is seeing too many sessions and is going to start blocking new ones.

On a busy router the default number of connections and half-open connections may not be enough. Try tweaking the following:

> ip inspect max-incomplete high xxxxx

> ip inspect max-incomplete low xxxx

> ip inspect one-minute high xxxx

> ip inspect one-minute low xxxx

and see if you get better results. Use the output of the "sho ip inspect stat" command to figure out how many sessions the router currently has, it can sometimes take a while to get a good value.

0 Helpful
Customers Also Viewed These Support Documents