This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FW dropping ACK, RST/ACK & FIN/ACK packets though packets are from valid sessions

Does the ASG function in this manner?

When the firewall receives a TCP RST for an existing session it immediately clears the session from the session table. This means there is no longer a valid session for the TCP RST/ACK to pass through. Hence, the firewall will treat the TCP RST/ACK as a non-SYN first packet and drop it.

Thanks,

Jim

This thread was automatically locked due to age.

Parents

0 wingman over 16 years ago

do you have an example that we can see (logs or wireshark packet)?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 wingman over 16 years ago

do you have an example that we can see (logs or wireshark packet)?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 gerardocb over 15 years ago in reply to wingman

I've not checked the sessions table, but I sure I'm seeing a lot of dropped packages on the packetfilter log with the "ACKRST " flags set up. So, is this a normal behaviour? Sorry, but running 7.003 (customer not wanting to buy renewal).
Cancel
Vote Up 0 Vote Down

Cancel