
CloudGuard R80.10 virtual gw (NSX-V 6.7) dropping TCP 3-way handshake's 3rd ACK packet

This is an example test capture and the IPs are test IPs.

Client: 10.68.65.230, Server: 10.68.86.9:tcp443 is the communication I am looking at.

I want to understand why the 3rd ACK [packet 8] doesn't have the full chain captured in this "fw monitor" capture.

For example, if you look at the first [SYN] you will see all (x0eth2, i1eth2, I7eth2, o1eth2, O8eth2, X0eth2) packets in the capture.

Why don't I see that full chain for packet number 8?

Does that mean the 3rd packet [ACK] of the TCP 3-way handshake is dropped by CloudGuard?

The actual issue is that the server (10.68.86.9) never receives the ACK, so the TCP 3-way handshake never completes from the server's perspective and hence the connection is failing.

Why I am not seeing the full chain for the 8th packet in the attached capture is a puzzle to me.

 

 

1 Reply
Admin

That's likely, and fw ctl zdebug drop should tell you why if it's not in the logs.
