We have received an request to disable the drop of packets due to bad checksum. I had the following questions on this:
Q1: Can i see in the traffic logs if any connections are dropped due to bad checksum.
Q2: This can be done by entering the following command through CLI
set session strict-checksum no
Is this correct? Will it have any impact on the overall functioning of firewall.
A) you can only see those drops though global counters, they will not show on traffic logs
B) correct, that command will disable the checksums. It should not have an impact on global traffic, it will simply disable the security check
This would only be recorded in the interface counters as far as I'm aware, it'll never actually get recorded in the traffic logs. The command you are using is correct set session strict-checksum no will disable validation of TCP and IP checksum.
What you are doing with this command isn't necessarily going to cause any ill-effects, however it really shouldn't need to be done in most situations. It won't cause any issues to other traffic if done however; your just going to be processing traffic that amy be corrupt.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!