This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
arcotangente
Participant
‎2021-07-08 07:52 AM

Drops "TCP Out of Sequence" even after creating excepcions

Hi guys,

We are troubleshooting a random issue with a connection between 2 internal hosts and some external servers on a cloud provider. We don't know if it is related to the issue or not, but we observe in the firewalls logs some "TCP out of state" packet drop.

Most of the drops have "ACK" as TCP flag, and some "PUSH-ACK", as shown on the screenshots attached. 

So we went to Inspection Settings and for our gateway we added the source IPs (only the source, Any destination) and the destination port (443) as exception for the protection "TCP out of Sequence". However nothing has changed, and the gateways keep dropping the packets for time to time.

The gateway cluster is a 4000 series running R80.10

Any help on this?

 

Thanks

 

ACK.pngPUSH ACK.png

Labels
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-07-08 08:34 AM

Why R80.10 and not a later release?
Regardless a TAC case may be necessary to get to the bottom of this.

0 Kudos
arcotangente
Participant
‎2021-07-09 03:33 AM
In response to PhoneBoy

Hi,

We haven't had any issues with R80.10 so haven't considered upgrading to a later release. 

Anyway, why after we put the IP's under exceptions in the Inspection Settings these drops are still happening? is not that the right place to do it? which could be the cause of seeing many ACKs drops and some PUSH-ACKs drops?

Thanks!

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-09 05:02 PM
In response to arcotangente

Per our original schedule, R80.10 should be End of Support by now, but we extended it to January 2022.
There are numerous improvements in more recent releases.

In any case, you're modifying a protection related to TCP sequence numbers, which has nothing to do with this.
What you probably want to do is: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events