topic Re: Kerberos-TCP violation in Firewall and Security Management

Kerberos-TCP violation

xLadyMorgana — Tue, 26 Nov 2024 14:37:21 GMT

Hi All,

I have one edge gateway that is giving this 'Connection alert' when some traffic is routing through here. No other gateway is having this issue. I'm still in touch with TAC but they are saying it might be a Identity Awareness issue with Kerberos but our identity awareness is setup identical throughout all gateways. Has anyone run into this error before and can give some guidance on what else it might be? I've personally not seen this before.

Firewall - Protocol violation detected with protocol:(Kerberos-TCP), matched protocol sig_id:(2), violation sig_id:(4). (500)

Re: Kerberos-TCP violation

PhoneBoy — Tue, 26 Nov 2024 21:07:33 GMT

You might try disabling the protocol signature for the Kerberos-TCP service.
This is done in the relevant service object in the Advanced section.
Curiously, the default Kerberos service (called Kerberos_v5_TCP in a default R81.20 installation) does not have this checked.

Re: Kerberos-TCP violation

the_rock — Tue, 26 Nov 2024 21:12:47 GMT

I would try what Phoneboy suggested, makes sense.

Andy