The warning message "%FW-4-ALERT_ON: getting aggressive, count(501/500) current 1-min rate: 126" is displayed in the logs of a router running Cisco IOS software version 12.3.
A router becomes aggressive when it has more half-open sessions than allowed. By default, the maximum number of half-open sessions (the max-incomplete high value) is 500. Once it reaches that number, the router does not take any more half-open sessions until it reaches the max-incomplete low (or calm down) value, which is 400 by default.
As a workaround, increase the max-incomplete high-low values to resolve the issue.
These are the related commands:
ip inspect max-incomplete high: This command specifies the number of existing half-open sessions that, when exceeded, causes the software to delete half-open sessions.
ip inspect max-incomplete low: This command specifies the number of existing half-open sessions that causes the software to stop the deletion of half-open sessions.
In order to calculate the high and low values, multiply the number of local hosts by 10 (XXX). This is the max-incomplete high, and the max-incomplete low is 20 percent below the high value (YYY).
For example, if there are 100 local hosts, this output shows the suggested settings for high and low:
Router(config)#ip inspect max-incomplete high 1000
Router(config)#ip inspect max-incomplete low 800
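The sizing rule above can be checked against collected router logs before the thresholds are changed. The following is an added example, not Cisco code: it parses the ALERT_ON message format quoted on this page and compares the threshold the router reported with the hosts-times-10 rule. The function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Matches the message format quoted on this page, e.g.
# %FW-4-ALERT_ON: getting aggressive, count(501/500) current 1-min rate: 126
ALERT_ON = re.compile(
    r"%FW-4-ALERT_ON: getting aggressive, count\s*\((\d+)/(\d+)\)"
    r"\s+current 1-min rate:\s*(\d+)"
)

def parse_alerts(lines):
    """Return (count, threshold, rate) tuples for every ALERT_ON message."""
    hits = []
    for line in lines:
        m = ALERT_ON.search(line)
        if m:
            hits.append(tuple(int(g) for g in m.groups()))
    return hits

def suggested_thresholds(local_hosts):
    """Page's rule of thumb: high = hosts * 10, low = 20 percent below high."""
    high = local_hosts * 10
    low = high - high * 20 // 100
    return high, low

def review(lines, local_hosts):
    """Summarise the alerts and return the commands to apply, if any."""
    alerts = parse_alerts(lines)
    high, low = suggested_thresholds(local_hosts)
    configured = max((t for _, t, _ in alerts), default=None)
    report = {
        "alerts": len(alerts),
        "peak_half_open": max((c for c, _, _ in alerts), default=0),
        "configured_high": configured,
        "suggested": (high, low),
        "commands": [],
    }
    # Suggest a change only when the alerting threshold is below the rule of thumb.
    if configured is not None and configured < high:
        report["commands"] = [
            f"ip inspect max-incomplete high {high}",
            f"ip inspect max-incomplete low {low}",
        ]
    return report

# Constructed sample syslog lines (timestamps and hostname are made up).
SAMPLE = [
    "Mar  1 10:02:11 rtr1 45: %FW-4-ALERT_ON: getting aggressive, count(501/500) current 1-min rate: 126",
    "Mar  1 10:02:40 rtr1 46: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "Mar  1 10:09:53 rtr1 47: %FW-4-ALERT_ON: getting aggressive, count (512/500) current 1-min rate: 140",
]
```

Calling review(SAMPLE, local_hosts=100) returns the two commands shown above; with a host count whose suggested high value is at or below the configured one, the command list is empty.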