Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

First packet isn't Syn; tcp_flags: ACK

Hi All,

 

Our Firewall drops traffic between client and server randomly and we can't figure out why. Here are configuration and the log info found

Host A is configured as Client 
Host B is configured as Server

In the Checkpoint traffic details:
Source: Host B's IP Address
Destination: Host A's IP Address

TCP Packet out of state: First packet isn't SYN
TCP Flags: ACK

 

If TCP Flags is ACK, this means that the source is trying to send ACK to the destination. But the firewall blocks it because this is not following the TCP 3-way handshake. Is my understanding correct?

If true, why is the source which is configured as the server sending an ACK? Any ideas?
Thank you!

 

Best regards

TO READ THE FULL POST it's simple and free

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events