https://live.paloaltonetworks.com/t5/general-topics/session-created-by-syn-cookie/m-p/342976#M85902 <P>Hello,</P><P>&nbsp;</P><P>what process and what is going on if a session (SIP) is created by "Syn Cookie" ?</P><P>Is this a valid Session, does this indicate a Problem ?</P><P>&nbsp;</P><P>We configured an App-Override Policy to mitigate Problems between Phone-System and SIP ALG.</P><P>We see now all Sessions are created based on Syn Cookies.</P><P>&nbsp;</P><P>René</P><P>&nbsp;</P> Mon, 10 Aug 2020 06:29:43 GMT rekuhn 2020-08-10T06:29:43Z https://live.paloaltonetworks.com/t5/general-topics/session-created-by-syn-cookie/m-p/342976#M85902 <P>Hello,</P><P>&nbsp;</P><P>what process and what is going on if a session (SIP) is created by "Syn Cookie" ?</P><P>Is this a valid Session, does this indicate a Problem ?</P><P>&nbsp;</P><P>We configured an App-Override Policy to mitigate Problems between Phone-System and SIP ALG.</P><P>We see now all Sessions are created based on Syn Cookies.</P><P>&nbsp;</P><P>René</P><P>&nbsp;</P> Mon, 10 Aug 2020 06:29:43 GMT https://live.paloaltonetworks.com/t5/general-topics/session-created-by-syn-cookie/m-p/342976#M85902 rekuhn 2020-08-10T06:29:43Z https://live.paloaltonetworks.com/t5/general-topics/session-created-by-syn-cookie/m-p/343683#M86022 <P>Syn cookies are part of zone protection(not app override)</P><P>It requires the client sending the original syn to complete a little "challenge" before the firewall accepts the connection as a valid session</P><P>&nbsp;</P><P>The session is not created "by" the syn cookies, the syn cookie is an added tcp check to prevent syn floods</P><P>&nbsp;</P><P>In regards to sip issues, you can try disabling the ALG via the application (objects &gt; applications) before fiddling with app override</P><P>&nbsp;</P><P>Hope this helps</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 13 Aug 2020 07:37:27 GMT https://live.paloaltonetworks.com/t5/general-topics/session-created-by-syn-cookie/m-p/343683#M86022 reaper 2020-08-13T07:37:27Z