Daniel_Karlsson
Participant

Microsoft Exchange Online Protection and TCP segment out of maximum allowed sequence. Packet dropped.

We have recently seen an increasing amount of drops due to "TCP segment out of maximum allowed sequence."

After contact with support we were provided sk66576.
The issue is thus related to TCP window size and the firewall will drop a session after not seeing the expected ACK after 16384 bytes by default.
The recommendation as per the SK is to gradually increase this until the drops disappear or the security gateway gets low on memory.

However, after some analysis it seems that the involved sources and destinations are all related to Office365 for users' HTTPS connections and Microsoft Exchange Online Protection for SMTP.

Are we the only ones seeing this issue? Did Microsoft update their services to use more aggressive settings?

Any insight or shared experience will be greatly appreciated.
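
The limit described in the post above, as a simplified model added here (it is not part of the original post and not Check Point's implementation): an inline inspector that drops any segment ending more than `limit` bytes past the last ACK it has seen. The names `FlowTracker`, `replay` and `constructed_burst`, the 1460-byte MSS, the relative sequence numbers and the exact drop rule are assumptions made for illustration.

```python
from dataclasses import dataclass

DEFAULT_LIMIT = 16384  # bytes; the default quoted in the post


@dataclass
class FlowTracker:
    """One direction of a TCP flow as seen by a hypothetical inline inspector."""
    limit: int = DEFAULT_LIMIT
    acked: int = 0  # highest relative byte offset the receiver has acknowledged

    def on_ack(self, ack: int) -> None:
        # ACKs only move forward; stale or duplicate ACKs are ignored.
        self.acked = max(self.acked, ack)

    def on_segment(self, seq: int, length: int) -> str:
        # Assumed rule: drop when the segment's last byte lies past acked + limit.
        if seq + length > self.acked + self.limit:
            return "drop"
        return "accept"


def replay(events, limit=DEFAULT_LIMIT):
    """events: ("seg", seq, length) or ("ack", ack). Returns one verdict per segment."""
    flow = FlowTracker(limit=limit)
    verdicts = []
    for ev in events:
        if ev[0] == "ack":
            flow.on_ack(ev[1])
        else:
            verdicts.append(flow.on_segment(ev[1], ev[2]))
    return verdicts


def constructed_burst(segments, mss=1460, ack_after=None):
    """Constructed trace: `segments` back-to-back MSS-sized segments from a sender.
    If ack_after is set, an ACK covering everything sent so far is seen at that point."""
    events = []
    for i in range(segments):
        events.append(("seg", i * mss, mss))
        if ack_after is not None and i + 1 == ack_after:
            events.append(("ack", (i + 1) * mss))
    return events


if __name__ == "__main__":
    # A sender with ~20 KB in flight, no ACK seen by the inspector yet.
    print(replay(constructed_burst(14)))
    # Same burst with the limit doubled: nothing is dropped.
    print(replay(constructed_burst(14), limit=32768))
```

In this model a sender that keeps more than 16384 bytes in flight before the inspector sees an ACK loses the tail of its burst, and raising the limit removes the drops at the cost of tracking more unacknowledged data per connection.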

2 Replies
Alisson_Lima
Contributor

Hi Daniel,

This is a very complex behavior. Like you mentioned, the drops occurred with requests to Office 365 and the, is it possible to create an exception for this signature? Besides that:

1 - What firewall version and take release are you using?

Regards,

Alisson Lima

0 Kudos
Daniel_Karlsson
Participant

Hello Alisson

We added an exception for the threat and that works well of course. However I have read in other threads that this may in fact put all inspection out of order. This is not yet 100% determined.

We use R80.10 HFA Take 103
(We attempted Take 154 but had to back out due to issues with certain sensitive traffic.)
