topic Security Policies in Firewall in General Topics

Security Policies in Firewall

Durga.Chitturi — Tue, 06 Apr 2021 21:59:57 GMT

How to troubleshoot when we get sessions end reasons:

Tcp-rst-Server

Tcp-rst- client

Tcp-fin

n/a

Aged out

I know what all these but I don't know how to troubleshoot the issue and don't know where to start troubleshoot

Can someone help on this.

Re: Security Policies in Firewall

S.Cantwell — Wed, 07 Apr 2021 02:11:26 GMT

Well, for the TCP reset, you would start by going to the actual computer/server and do a packet capture or install Wireshark or similar software. As you are aware, these messages do not come from the FW, but from those devices. Start with the devices and look to see why they are sending those messages. If Microsoft endpoints, then you may want to contact MS to support their OS.

Fin does not need to be troubleshoot. A tcp-fin means the sessions between client/server was closed properly.

aged-out means that the FW held the session open for 3600 secs (if TCP) or 30 sec (if UDP) and either side (client/server) talked and so, to save resources, the session was closed. Again, endpoint/server caused... not by the FW.

N/A means not available....

Re: Security Policies in Firewall

BPry — Wed, 07 Apr 2021 16:54:25 GMT

@Durga.Chitturi,

Just to expand on what @S.Cantwell already stated, generally the only one that could point to an issue with your firewall is aged-out. If you're seeing aged-out traffic on something and it's not actually working as expected, it could point towards a routing issue on your firewall.

Just to be very clear here however, just because you are seeing aged-out responses doesn't automatically mean you have a routing issue on your firewall. aged-out is a common session end reason that doesn't mean you should be looking for a problem, it just means that if someone is reporting a problem and you are seeing aged-out in the logs that it could point towards a potential routing issue.