New Sessions

JosueFernando — Thu, 13 Mar 2014 20:09:59 GMT

I have a question, what happen when the firewall have a active session and need create a same session but the old session is active?, for example, the firewall have a following session

10.50.213.22 port 1020 -----> 10.65.22.15 port 515

this session is active but the server still sending connections for example

10.50.213.22 port 1021 -----> 10.65.22.15 port 515

10.50.213.22 port 1022 -----> 10.65.22.15 port 515

10.50.213.22 port 1023 -----> 10.65.22.15 port 515

10.50.213.22 port 1024 -----> 10.65.22.15 port 515

but the next connection is again

10.50.213.22 port 1020 -----> 10.65.22.15 port 515

and the firewall has an old active session, the question is what happen with the new session?

Can you help me with this?

Re: New Sessions

HULK — Thu, 13 Mar 2014 22:15:23 GMT

Hello Fernando,

As per my understanding, until all 5 parameters for tuple values ( Src IP, Dst IP, Src-port, Dst-port, Protocol) are not same, the firewall will create a new session. For example, the firewall will create a different session for packet initiated from the same source IP to destination IP ( same protocol) with Src port 1021, 1022, 1023 etc.

If the firewall is again initiating a connection from 10.50.213.22 port 1020 -----> 10.65.22.15 port 515, and old session is still active, I hope the FW will identify as a duplicate flow and drop it.

But i have read on a TCP RFC ( not sure the RFC number:-RFC: 793, RFC: 1180 RFC: 1323) , said that, if all 65535 source ports exhausted on a system, it can consider the "time-stamp" of the TCP SYN to identify/differentiate a new session with all 5 matching tuple parameters.

Thanks

topic Re: New Sessions in General Topics

New Sessions

Re: New Sessions