This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DannyCor
Newcomer
yesterday

First Packet Isn't SYN drop

I am new to Checkpoint firewall and have been dealing with "First Packet Isn't SYN" issue for the last few weeks. This is happening between interface and one of application server, both server communicate on port 4000. The odd thing I see only first 3 packets are dropped then the 4th allowed to get through.

 

At the moment, I only have access to logs only, not configuration. Any configuration changes need to be communicated with other team.

Anything place I can start to troubleshoot the issue?

 

 

Preview file
61 KB
Preview file
47 KB
0 Kudos
3 Replies
the_rock
Legend
Legend
yesterday

That can sometimes be bit tricky to troubleshoot. I would say, run tcpdump and fw monitor to see whats happening with the traffic. Also, I would do ip r g command to make sure route is right. Say IP is 10.9.8.7, you can run ip r g 10.9.8.7 from the expert mode.

Hope that helps.

Andy

0 Kudos
AkosBakos
Leader Leader
Leader
6 hours ago

Hi @DannyCor 

  • If you check the name of the incoming interface at the first packet what do you see? (eg.: eth1)
  • The interface is the same by that packet which is dropped?

Here is a screenshot what to check:

2025-01-10 09_22_45-10.211.190.100-R81.20-SmartConsole.png

If not the same, we are facing with asymmetrical routing.

Akos

 

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
2 hours ago
In response to AkosBakos

Routing usually comes to mind with this sort of error.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events