This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
prasanga
Explorer
‎2021-08-21 02:12 AM
Jump to solution

What is the impact of passing "First Packet isn't sync" traffic at the firewall ?

What is the impact of passing "First Packet isn't sync" traffic at the firewall ?

When attending to application related issues, sometimes these dropped "First Packet isn't sync" traffic are misleading for troubleshooting.

Is there any impact of permanently passing "First Packet isn't sync" without blocking ?

 

regards,

Pasanga 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-08-21 01:45 PM
In response to the_rock
Jump to solution

That’s the global setting.
However it’s better to go through the troubleshooting steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
And it would be far better to disable it for a specific traffic flow versus globally: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-08-21 09:08 AM
Jump to solution

The very first packet of a TCP connection is a SYN with no other flags.
If we see the full TCP handshake, we can be sure the client actually initiated the connection with the server and the server acknowledged it:
Otherwise, it is possible some third party injected traffic.

Some reasons you might see these messages include:

  • Long term TCP connection expires due to lack of activity (2 hours is the default)
  • Asymmetric Routing

These checks are made for a reason and it is not generally recommended to disable these checks except in very specific circumstances for a limited period of time.

0 Kudos
prasanga
Explorer
‎2021-08-21 10:43 AM
In response to PhoneBoy
Jump to solution

Thanks for the reply.

What is the exact place in Smart Console to enable or disable this.

regards,

Prasanga

0 Kudos
the_rock
Legend
Legend
‎2021-08-21 11:27 AM
In response to prasanga
Jump to solution

Phoneboy can confirm for sure, but I believe that would be related to global properties -> stateful inspection

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-21 01:45 PM
In response to the_rock
Jump to solution

That’s the global setting.
However it’s better to go through the troubleshooting steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
And it would be far better to disable it for a specific traffic flow versus globally: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
prasanga
Explorer
‎2021-08-29 11:01 PM
In response to PhoneBoy
Jump to solution

Thanks a lot for the response.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top