Preview Tool

Cisco Bug: CSCul47395 - ASA should allow out-of-order traffic through normalizer for ScanSafe

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.0(3) 9.1(3)

Description (partial)

When faced with minimal packet loss, the ASA using the ScanSafe connector feature may cause significant performance delay while trying to buffer traffic and Normalize the flow. This is a feature change request to allow a user to configure the normalizer such that out-of-order packets will be allowed through and buffered/processed by the client TCP stack and not the intermediary stack enforced by the ASA TCP Normailzer functionality.

This is seen when using the ScanSafe feature on the ASA (9.0 and later) and there is some, even a little, packet loss between the ScanSafe tower and the ASA Connector.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.