- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
This proves what you have said already, but does not bring any additional info, other than it seem you are using Modbus TCP over port 502.
According to the specifications, Server should not send ACK, see page 17 here: https://modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf
I suggest running traces to prove the dropped packet is indeed ACK and not ACK-FIN, when coming from the server. If it is, you need to talk to the application owners, of you can try disabling stateful inspection selectively as mentioned above.
If server actually sends something other than a clean ACK, but FW considers it to be ACK and drops it eventually, you need to take it with TAC
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
