Firewall throttling occurs when a firewall or other intermediate device prioritizes some connections over others, or denies some connections. This may be due to traffic policies explicitly defined on the device, or to one or more misconfigurations.  

Application Symptoms

A DevOps engineer is responsible for monitoring the performance of a mission-critical app. She scans the Application Dashboard and notices that:

  • Ecom-Tier1 and Ecom-Tier2 are showing many errors
  • Traffic Loads and Errors are increasing, while response times are decreasing (bottom charts)

Application Dashboard

Network Diagnosis

  1. She switches over to the Network Dashboard and sees immediately that many network errors are occurring on the links between the Ecom-Tiers and the load balancer in the center.
    Network Flow Map
  2. She right-clicks Ecom-Tier1 and selects View Metrics. She notices:
    1. The Network Impact on Transactions chart shows that transaction Errors and Network Errors have started increasing at the same time.
      Network impact on transactions 
    2. The Network Errors - Contributors chart shows that two types of Network Errors are increasing: 
      1. Syn Resets — This reset occurs when the firewall explicitly rejects a connection request before the connection can be established.
        Network Errors Syn Resets 
      2. RST on Established — This reset occurs when the firewall shuts down an established connection due to a traffic-throttling or other policy on the device.
         Network Errors RST on Established
    3. The Connection Rate Info chart shows that the rates of Connection Errors and Resets are exactly the same: every connection error is a connection reset. This shows that the firewall in the load balancer is rejecting connections. 
      Connection rate information chart
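
The two reset types above can be told apart from packet data by tracking each flow's handshake state. The following is an added example, not part of the original page and not the product's own implementation; the packet tuples, addresses and function name are constructed for illustration.

```python
from collections import Counter

# Constructed sample capture: (client, server, sender, TCP flags), in order.
# sender "c" = client; "s" = server side, or a device in the path answering for it.
# Flags: S=SYN, A=ACK, F=FIN, R=RST.
SAMPLE_PACKETS = [
    ("10.0.0.5:40001", "10.0.1.9:443", "c", "S"),
    ("10.0.0.5:40001", "10.0.1.9:443", "s", "RA"),  # rejected before handshake
    ("10.0.0.5:40002", "10.0.1.9:443", "c", "S"),
    ("10.0.0.5:40002", "10.0.1.9:443", "s", "SA"),
    ("10.0.0.5:40002", "10.0.1.9:443", "c", "A"),
    ("10.0.0.5:40002", "10.0.1.9:443", "s", "R"),   # torn down after handshake
    ("10.0.0.5:40003", "10.0.1.9:443", "c", "S"),
    ("10.0.0.5:40003", "10.0.1.9:443", "s", "SA"),
    ("10.0.0.5:40003", "10.0.1.9:443", "c", "A"),
    ("10.0.0.5:40003", "10.0.1.9:443", "c", "FA"),  # normal close, no reset
    ("10.0.0.5:40004", "10.0.1.9:443", "c", "S"),
    ("10.0.0.5:40004", "10.0.1.9:443", "s", "RA"),
    ("10.0.0.5:40004", "10.0.1.9:443", "s", "RA"),  # duplicate RST, counted once
]

def classify_resets(packets):
    """Count connection attempts and the two reset types using per-flow state."""
    state = {}          # (client, server) -> handshake state
    counts = Counter()
    for client, server, sender, flags in packets:
        flow = (client, server)
        current = state.get(flow)
        if "R" in flags:
            if current in ("SYN_SENT", "SYN_RCVD"):
                counts["syn_reset"] += 1            # reset before establishment
            elif current == "ESTABLISHED":
                counts["rst_on_established"] += 1   # reset after establishment
            state[flow] = "CLOSED"                  # later RSTs on this flow are ignored
        elif flags == "S" and sender == "c":
            if current != "SYN_SENT":               # a retransmitted SYN is not a new attempt
                counts["attempts"] += 1
            state[flow] = "SYN_SENT"
        elif flags == "SA" and sender == "s" and current == "SYN_SENT":
            state[flow] = "SYN_RCVD"
        elif "A" in flags and sender == "c" and current == "SYN_RCVD":
            state[flow] = "ESTABLISHED"
        elif "F" in flags and current == "ESTABLISHED":
            state[flow] = "CLOSED"                  # orderly close
    return counts

if __name__ == "__main__":
    print(dict(classify_resets(SAMPLE_PACKETS)))
```

A rising `syn_reset` count points to connection requests being rejected outright, while `rst_on_established` points to connections being cut after setup, which matches the two contributors the chart separates.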