Hello everyone,
i've a customer who have 2 pair of isg1000 in cluster acting as front and backend for a very big company.
This summer i got a problem on the backend and 20days ago i got the exact same problem on the front end and i don't know how to prevent it to happen again because disservice for this customer is really bad.
btw here's the problem:
-we depart in a condition in witch the firewall are normally operating
-suddenly the number of session increase a lot (from 30% of max to 90-100% max capacity)
-traffic remain the same
-studing the logs i found that timeout on primary node for every session is 14x the normal timeout. So primary node is using backup timeout
-firewall is ignoring TCP-Fin
in this condition the sessions do not close so at a point traffic slow down until it stops because the firewall can not provide new sessions.
Jtac already got every log i can provide: log,tech support, dump ect
BUT they can not discriminate if it is an hardware or software problem without see the problem in live, but obviusly i can not reproduce disservice intentionally.
have you ever got this problems? someone have any ideas?
thx a lot 
Andrea
ps firewall are ISG1000 with 6.3r21