Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Stefano_Cappell
Participant

Is this a Legitimate "fist packet isn't SYN drop"?

We have this transaction that, in this example, startsat 11:00. At 11.02 the remote server tries to close it sending the FIN but the local server tries to close it only half an hour later (at 11.30). This FIN packet gets retransmitted  but no ack is sent by the remote server. At last the local server sends a RST

2020-10-22 15_08_23-poller - 172.20.3.2 - Connessione Desktop remoto.png

 My problem here is that those Resets (and sometimes some final FIN ACK packet as well) get blocked by our Checkpoint as a "first packet isn't SYN"

 

2020-10-22 15_04_42-poller - 172.20.3.2 - Connessione Desktop remoto.png

 

Is this legitimate? the tcp session timeout configured for the firewall is 3600. Is this because those packet are past both side FIN packet and the TCP end timeout is set (by default) at 5 seconds?

thanks  

 

 

0 Kudos
1 Reply
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events