Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
prasanga
Explorer

What is the impact of passing "First Packet isn't sync" traffic at the firewall ?

Jump to solution

What is the impact of passing "First Packet isn't sync" traffic at the firewall ?

When attending to application related issues, sometimes these dropped "First Packet isn't sync" traffic are misleading for troubleshooting.

Is there any impact of permanently passing "First Packet isn't sync" without blocking ?

 

regards,

Pasanga 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

That’s the global setting.
However it’s better to go through the troubleshooting steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
And it would be far better to disable it for a specific traffic flow versus globally: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

The very first packet of a TCP connection is a SYN with no other flags.
If we see the full TCP handshake, we can be sure the client actually initiated the connection with the server and the server acknowledged it:
Otherwise, it is possible some third party injected traffic.

Some reasons you might see these messages include:

  • Long term TCP connection expires due to lack of activity (2 hours is the default)
  • Asymmetric Routing

These checks are made for a reason and it is not generally recommended to disable these checks except in very specific circumstances for a limited period of time.

0 Kudos
prasanga
Explorer

Thanks for the reply.

What is the exact place in Smart Console to enable or disable this.

regards,

Prasanga

0 Kudos
the_rock
Authority
Authority

Phoneboy can confirm for sure, but I believe that would be related to global properties -> stateful inspection

0 Kudos
PhoneBoy
Admin
Admin

That’s the global setting.
However it’s better to go through the troubleshooting steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
And it would be far better to disable it for a specific traffic flow versus globally: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
prasanga
Explorer

Thanks a lot for the response.

0 Kudos