[fw-wiz] Not getting all our denied logs from Cisco FWSM



While we're slogging through the bureaucracy and shell game of our
TAC case at Cisco, I thought I'd ask the list whether any of you have
seen intermittent failures to send 106100 'denied' log entries from
your FWSM. We're on 2.3(3). As it turns out, these entries are
important to our operations and we're only getting about 10% of them.

We don't seem to be able to get around the deny-flow-max default of
4096. One would think that when those flows are exceeded, you would
just get the messages logged, wouldn't you? Am I missing something,
or is the firewall just throwing these away? We don't want it to do
that!!

I know Cisco is trying to not pass along a DOS here, but is there any
way to get them to STOP holding my hand and just send the logs?

The really annoying thing is, we get 100% of our 'permitted' 106100,
so I guess if someone is DOS-ing an open port they can get our syslog
server 'dos-ed' too.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


