We have recently identified a problem with Cisco PIX firewalls that can have a negative impact on the performance and stability of your TCP-based networks. Apparently the more recent PIX firewalls and the more recent versions of the PIX firewall software include 4 new features:
InspectHTTP
InspectIM
InspectESMTP (This has replaced MailGuard)
InspectFTP
According to reports in the Cisco Support forums, enabling any of these settings can cause intermittent TCP disconnects across various applications, such as web browsers, FTP clients, the reception of SMTP mail, and of course the FirstClass client connection, which will generate a 1027 error for the user. The behaviour seems to be random TCP disconnects across the entire network, without any definitive pattern.
If you have been experiencing a large number of 1027 errors at your site since upgrading your PIX firewall software to version 7.x.x.x, then you should verify that these features are not currently enabled.
A link to one of the many discussions about these bugs in the Cisco forums can be found here.
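One way to run the check described above against a saved copy of the firewall configuration. This is an added example, not part of the original article or Cisco's tooling; it assumes the four features correspond to the PIX 7.x `inspect http`, `inspect im`, `inspect esmtp` and `inspect ftp` policy-map commands, and the sample configuration (including the names lab_policy and lab_im_map) is constructed.

```python
import re

# The four features named above, as PIX 7.x "inspect" keywords (assumed mapping).
SUSPECT_ENGINES = {"http", "im", "esmtp", "ftp"}

# Constructed sample of "show running-config" output, not taken from a real device.
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect esmtp
  inspect http
policy-map lab_policy
 class inspection_default
  inspect im lab_im_map
!
service-policy global_policy global
"""


def find_suspect_inspections(config_text, engines=SUSPECT_ENGINES):
    """Return sorted (policy_map, class, engine, applied) tuples; applied means a service-policy uses it."""
    found, applied = [], set()
    policy = cls = None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "!":
            continue
        if not raw.startswith(" "):  # a top-level command starts a new section
            policy = cls = None
            if tokens[0] == "service-policy" and len(tokens) > 1:
                applied.add(tokens[1])
            elif re.match(r"policy-map\s+(?!type\s)\S+", raw):
                policy = tokens[1]  # skip "policy-map type ..." inspect-map definitions
        elif policy and tokens[0] == "class" and len(tokens) > 1:
            cls = tokens[1]
        elif policy and tokens[0] == "inspect" and len(tokens) > 1 and tokens[1] in engines:
            found.append((policy, cls, tokens[1]))
    # The applied flag is resolved last because service-policy lines follow the policy-maps.
    return sorted((p, c, e, p in applied) for p, c, e in found)


if __name__ == "__main__":
    for policy, cls, engine, active in find_suspect_inspections(SAMPLE_CONFIG):
        print(f"{policy}/{cls}: inspect {engine} ({'ACTIVE' if active else 'not applied'})")
```

Entries reported as ACTIVE are the ones attached to traffic by a `service-policy` line, so those are the ones to review first when chasing the disconnects.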