Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 30 replies
  • Subscribers 2 subscribers
  • Views 49498 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FW dropping ACK, RST/ACK & FIN/ACK packets though packets are from valid sessions

Jim Tagert
Does the ASG function in this manner?

When the firewall receives a TCP RST for an existing session it immediately clears the session from the session table. This means there is no longer a valid session for the TCP RST/ACK to pass through. Hence, the firewall will treat the TCP RST/ACK as a non-SYN first packet and drop it.



Thanks,

Jim


This thread was automatically locked due to age.
Parents
  • 0
    I haven't. 
    I need to play with it a little more though; I was trying something else with a PF rule today, and it took a LONG time (~5mins) before the rule went into effect, so I need to re-test the rule for the http traffic.
    (this was on 7.306; I have no idea why it took so long, the cpu load is low)

    Thanks,
    Barry
Reply
  • 0
    I haven't. 
    I need to play with it a little more though; I was trying something else with a PF rule today, and it took a LONG time (~5mins) before the rule went into effect, so I need to re-test the rule for the http traffic.
    (this was on 7.306; I have no idea why it took so long, the cpu load is low)

    Thanks,
    Barry
Children
No Data