- Products
- Learn
- Local User Groups
- Partners
- More
The State of Ransomware Q1 2026
Key Trends and Their Impact
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
CheckMates Go:
CheckMates Fest
This proves what you have said already, but does not bring any additional info, other than it seem you are using Modbus TCP over port 502.
According to the specifications, Server should not send ACK, see page 17 here: https://modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf
I suggest running traces to prove the dropped packet is indeed ACK and not ACK-FIN, when coming from the server. If it is, you need to talk to the application owners, of you can try disabling stateful inspection selectively as mentioned above.
If server actually sends something other than a clean ACK, but FW considers it to be ACK and drops it eventually, you need to take it with TAC
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
