- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi guys,
We are troubleshooting an issue and see many HTTPS packets dropped with the following message in the logs:
'TCP packet out of state -First packet isn't SYN'
I've tried to disable this protection for one specific source, so open Inspection settings, and added an Exception for this specific source IP (all protections, profiles and destinations)
However I still see packets being dropped with the same message in the logs.
Is there a way to bypass an specific source or destination of this protection?
Thanks
Timothy_Hall
What TCP flags (RST, FIN, ACK, etc.) are you seeing on the packets dropped as out of state? If they are RST or FIN the connection is already dead so you can probably ignore those. If the flags on the dropped packets are SYN and ACK (or perhaps just ACK), that may indicate asymmetric routing going around the firewall. If the flags on the dropped packet are some combo of only ACK/PSH/URG usually that means the connection was timed out by the firewall, in that case you can try increasing the service timeout for HTTPS on the Advanced screen of the matching HTTPS service.
Thanks Timothy,
The flags are 'PUSH-ACK'
BR
Timothy_Hall
Try increasing the timeout for the HTTPS service on its Advanced screen, and make sure you modify the correct HTTPS/port 443 service that is actually matching the problematic traffic as there may be several defined.
Hi,
Finally the issue got fixed after a reboot of the secondary node, while troubleshooting another issue. Difficult to understand what happened
Thanks anyway!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY