Cisco CBAC Firewall - FW-4-ALERT_ON: getting aggressive

Had an issue recently were the CBAC firewall on a Cisco 1811 was slowing down/blocking internet traffic.  My inspect policy was doing basic inspection (tcp, icmp - not http,https). The log showed: %FW-4-ALERT_ON: getting aggressive, cound (501/500) current 1-min rate: 216

Cisco explains this as the "router becomes aggressive when it has more half-open sessions than allowed."  They recommend increasing ip inspection thresholds with ip inspect max-incomplete high 1000 and ip inspect max-incomplete low 800, per supportforums.cisco.com.

Unfortunately this did not resolve my problem, and I used ip inspect one-minute high 2000 and ip inspect one-minute low 1800 which brought everything back to normal.  If you want to increase all session thresholds in the hope of fixing your issue, here they are:

ip inspect max-incomplete high 5000
ip inspect max-incomplete low 4800
ip inspect one-minute high 5000
ip inspect one-minute low 4800
ip inspect udp idle-time 60
ip inspect tcp idle-time 43200
ip inspect tcp synwait-time 60
ip inspect tcp max-incomplete host 200 block-time 0

To get logging details, you can use ip inspect audit-trail