AnsweredAssumed Answered

Dropping connection: Unexpected post SYN packet - RST or SYN expected

Question asked by Mike Lutgendorf on Feb 5, 2019
Latest reply on Feb 5, 2019 by Mike Lutgendorf

Let me attempt to shorten this as much as possible. 

Oracle smartview client gets random connection drops with this error. 

Here's the kicker. There are already rules in place to the same addresses that are being allowed through. So it's only a portion of this traffic that's having the issue.

In the logs it shows part of the traffic being accepted by anc access rule and the next one as dropped with no rule being referenced. 

Furthermore it's not occuring on all devices or locations... I'd say it's relegated to win 10 only but that also turns out to not be true either. 

 

Id: 0a0a255d-ad91-7009-5c59-c35b62cf0064
Marker: @A@@B@1549383440@C@1319633
Log Server Origin: 10.10.37.93
Time: 2019-02-05T17:09:47Z
Interface Direction: inbound
Interface Name: eth1-01
Id Generated By Indexer:false
First: true
Sequencenum: 435
TCP packet out of state:Unexpected post SYN packet - RST or SYN expected
TCP Flags: ACK
Source Port: 34391
Destination: 172.20.30.30
Destination Port: 19000
IP Protocol: 6
Session ID: 0
Action: Drop
Type: Connection
Policy Name: Standard
Policy Management:
Db Tag: {D2927384-4139-4446-A92A-D687F942C3A3}
Policy Date: 2019-02-04T23:42:15Z
Blade: Firewall
Origin: 
Service: TCP/19000
Product Family: Access
Logid: 1
Interface: eth1-01
Description: TCP.19000 Traffic Dropped from 172.20.30.30

 

Thanks for your help ahead of time. 

Disclaimer: Still a beginner with checkpoint. 

Outcomes