Disabling bad checksum on Firewalls

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Disabling bad checksum on Firewalls

L0 Member

Hi All,

 

We have received an request to disable the drop of packets due to bad checksum. I had the following questions on this:

 

Q1: Can i see in the traffic logs if any connections are dropped due to bad checksum.

 

Q2: This can be done by entering the following command through CLI

 

set session strict-checksum no

 

Is this correct? Will it have any impact on the overall functioning of firewall.

 

 

 

 

 

 

 

 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

A) you can only see those drops though global counters, they will not show on traffic logs

B) correct, that command will disable the checksums. It should not have an impact on global traffic, it will simply disable the security check

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Cyber Elite
Cyber Elite

@Abhishekc,

This would only be recorded in the interface counters as far as I'm aware, it'll never actually get recorded in the traffic logs. The command you are using is correct set session strict-checksum no will disable validation of TCP and IP checksum. 

What you are doing with this command isn't necessarily going to cause any ill-effects, however it really shouldn't need to be done in most situations. It won't cause any issues to other traffic if done however; your just going to be processing traffic that amy be corrupt.

This for update, really well for me, thank you! have same question here.

Help is appreciated.

  • 3346 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!