This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mike_Lutgendorf
Participant
‎2019-02-05 12:01 PM

Dropping connection: Unexpected post SYN packet - RST or SYN expected

Let me attempt to shorten this as much as possible. 

Oracle smartview client gets random connection drops with this error. 

Here's the kicker. There are already rules in place to the same addresses that are being allowed through. So it's only a portion of this traffic that's having the issue.

In the logs it shows part of the traffic being accepted by anc access rule and the next one as dropped with no rule being referenced. 

Furthermore it's not occuring on all devices or locations... I'd say it's relegated to win 10 only but that also turns out to not be true either. 

Id: 0a0a255d-ad91-7009-5c59-c35b62cf0064
Marker: @A@@B@1549383440@C@1319633
Log Server Origin: 10.10.37.93
Time: 2019-02-05T17:09:47Z
Interface Direction: inbound
Interface Name: eth1-01
Id Generated By Indexer:false
First: true
Sequencenum: 435
TCP packet out of state:Unexpected post SYN packet - RST or SYN expected
TCP Flags: ACK
Source Port: 34391
Destination: 172.20.30.30
Destination Port: 19000
IP Protocol: 6
Session ID: 0
Action: Drop
Type: Connection
Policy Name: Standard
Policy Management:
Db Tag: {D2927384-4139-4446-A92A-D687F942C3A3}
Policy Date: 2019-02-04T23:42:15Z
Blade: Firewall
Origin: 
Service: TCP/19000
Product Family: Access
Logid: 1
Interface: eth1-01
Description: TCP.19000 Traffic Dropped from 172.20.30.30

Thanks for your help ahead of time. 

Disclaimer: Still a beginner with checkpoint. 

Labels
0 Kudos
2 Replies
Mark_Mitchell
Advisor
‎2019-02-05 01:08 PM

Hi Mike,

From what you have said and the drop message you are seeing, it may point to some asymmetric routing. 

Are you running a HA cluster? If so is it HA or load sharing? 

"Unexpected post SYN packet - RST or SYN expected" log in SmartView Tracker  

Regards

Mark

0 Kudos
Mike_Lutgendorf
Participant
‎2019-02-05 01:57 PM
In response to Mark_Mitchell

So what i'm told from the system engineers (i'm just the sec guy) is that we do and it does, but they're not too sure that it's really utilized to such a capacity. 

I will check out the link you sent. 

Thank you. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events