
Invalid TCP RST

Hi there!

Okay, usually I can work through any errors I find, but this one's got me completely stumped. I've read through the forums, but can't find any solutions to my issue.

Quick setup explanation:

XG Firmware = SFOS 17.0.5 MR-5
LAN Subnet = 10.10.10.0/24
WAN IP Address = 192.168.200.200/24
WAN Gateway = 192.168.200.254

The internet works fine (for the most part), but in the firewall logs, I see these:

As you can see, it's being Denied by Firewall Rule #2, which makes absolutely no sense to me as this is Rule #2:

The Staff LAN network definition is 10.10.10.0/24
The AFT Microwave is their primary connection, and the 4G Dongle is a fail-over (currently not active)
The AFT hardware is forwarding all ports through to the XG to allow us to manage port forwarding, etc (or so we were told)

I have two questions:

1. Why am I getting these errors?

2. Why is this rule even denying this traffic? There's nothing in the rule that should be applying to traffic trying to go from the XG's WAN interface (192.168.200.200/24) to an external IP address.

Thanks in advance!



This thread was automatically locked due to age.
  • Same problem here.

    This situation appears with a "big" download within the 2 minutes...

    So conntrack does not seem to be responsible for this.

    Firmware: SFV2C4 (SFOS 17.0.3 MR-3)

    With a different Apache source for the download, this does not seem to have the same behaviour.

    Will try with the newest firmware.

  • Hi,

    I am getting this error too.

    It's an application server communication, and Sophos is blocking it. No idea why.

  • Hi,


    Seems like XG is only blocking duplicate RSTs.

    No reason to worry about this. 

     

    Cheers


  • This is a big issue. I have a remote VMWARE 6.5 setup that I have connected through VPN with no NAT being used. I cannot upload to the Datastores. I can get on a workstation local to the network and everything works, but nothing works through the VPN connection. I started looking through the Firewall and I see a bunch of Denies with this error message on my VPN rule. This is a bigger problem.

  • Hi,

    You have another issue. Please open a thread in our community with all information.

    The invalid TCP RST packet is just a drop - the client already sent a RST to the server. So the interrupt already happened.


  • This morning I got these TCP RST alerts for a piece of software that syncs. My analysis is that it is true the communication is completed between the client and the server, as I can see the sync appear on the server, but it is also true that the user's client gets many error messages such as: you cannot authenticate with these credentials. Obviously those credentials are good. So if the interrupt already happened and is done, the messages seem to continue and panic the user.

  • But that seems not to be related to the issue, does it?

    Currently - to be honest - I have never been able to observe an issue related to Invalid TCP RST. These alerts are just indicators of another issue.


  • I haven't seen that error for a while. I'm running latest XG.

    Paul Jr