Guest

Preview Tool

Cisco Bug: CSCvu99616 - Snort initiate reset and Failed to load - Real websites in Browser

Last Modified

Oct 19, 2020

Products (2)

  • Cisco SD-WAN
  • Cisco SD-WAN

Known Affected Releases

16.12.4 17.2.1 17.3

Description (partial)

Symptom:
Web page failed to load

Conditions:
UTD IPS/IDS enabled

In IDS mode the following events/alerts are seen however, some customers have still reported seeing a drop/connection being reset despite running in IDS mode/seeing an alert (not a drop):
Router# show utd engine standard logging events
2020/07/14-05:31:38.364693 UTC [**] [Hostname: 192.168.1.1] [**] [Instance_ID: 1] [**] Alert [**] [120:28:1] http_inspect: INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [**] [Classification: 0] [Priority: 0] [VRF: 1] {TCP} 1.1.1.1:443 -> 2.2.2.2:51378

In IPS mode the following events/drops are seen and the packet is dropped:
Router# show utd engine standard logging events
2020/07/14-05:31:38.364693 UTC [**] [Hostname: 192.168.1.1] [**] [Instance_ID: 1] [**] Drop [**] [120:28:1] http_inspect: INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [**] [Classification: 0] [Priority: 0] [VRF: 1] {TCP} 1.1.1.1:443 -> 2.2.2.2:51378
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.