PA sends a reset(RST) when TCP session is timeout?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA sends a reset(RST) when TCP session is timeout?

L0 Member

Could you tell me when TCP session is timeout, does PA firewall send a TCP reset(RST) packet to endpoint server/client or just close and delete the session from own session table without sending any packets ?

3 REPLIES 3

Cyber Elite
Cyber Elite

if a tcp session times out (no packets received in X time) the session will simply close and no rst or fin is sent from the firewall

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi Reaper,

Thanks. One more question.
Can I change PA's setting to send RST when the session is timed out.

Hi @Sho9240

 

no, a RST can only be sent as a response to something. You'd either need to have a deny rule with the action set to reset, or a custom threat signature with action reset

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 4691 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!