https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193805#M36025 <P>Fix the application that is causing the problem.<BR />If that's not possible, you can disable it for a specific flow by following the steps here:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk11088" target="_blank">https://support.checkpoint.com/results/sk/sk11088</A>&nbsp;</P> Thu, 28 Sep 2023 19:19:11 GMT PhoneBoy 2023-09-28T19:19:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193754#M36006 <P>we are receiving logs with first packet isnt sync. as of now for work around we have disabled the tcp out of state in global properties. but its not an good idea to keep this disabled. so instead of disabling how can we over come this issue?</P><P>and what are steps to troubleshoot ?</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 28 Sep 2023 11:49:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193754#M36006 tavi0906 2023-09-28T11:49:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193763#M36012 <P>Please share the gateway version and jumbo level, in addition:</P> <P>Is the gateway under memory capacity pressure - any aggressive aging logs?</P> <P>Is the issue specific to a certain application?</P> <P>How about the routing have you checked for asymmetrical routing?</P> <P>&nbsp;</P> Thu, 28 Sep 2023 12:56:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193763#M36012 Chris_Atkinson 2023-09-28T12:56:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193768#M36015 <P>I assume you mean first packet isnt SYN? Anyway, what really means in layman's terms is that connection is not completing to the point of 3-way handshake, syn-synack-ack</P> <P>I would say run below captures. Lets assume src is 1.1.1.1 and dst is 2.2.2.2 and port is 444</P> <P>tcpdump -enni any host 2.2.2.2 and port 444</P> <P>fw monitor -e "accept host(2.2.2.2) and port(444);"</P> <P>fw monitor -e "accept host(1.1.1.1) and host(2.2.2.2) and port(444);"</P> <P>fw monitor -F '1.1.1.1,0,2.2.2.2,444,0" -F "2.2.2.2,0,1.1.1.1,444,0"</P> <P>Idea is when you do -F flad you follow "srcip,srcport,dstip,dstport,protocol"</P> <P>You can also refer to great site my colleague made over the years for captures/debugs on different vendors</P> <P>Andy</P> <P><A href="http://www.tcpdump101.com" target="_blank">www.tcpdump101.com</A></P> <P>&nbsp;</P> Thu, 28 Sep 2023 13:45:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193768#M36015 the_rock 2023-09-28T13:45:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193805#M36025 <P>Fix the application that is causing the problem.<BR />If that's not possible, you can disable it for a specific flow by following the steps here:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk11088" target="_blank">https://support.checkpoint.com/results/sk/sk11088</A>&nbsp;</P> Thu, 28 Sep 2023 19:19:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpout-of-state-first-packet-isnt-sync/m-p/193805#M36025 PhoneBoy 2023-09-28T19:19:11Z