Security Policies in Firewall


L0 Member

How to troubleshoot when we get these session end reasons:

Tcp-rst-Server

Tcp-rst-client

Tcp-fin 

n/a

Aged out 

 

I know what all of these are, but I don't know how to troubleshoot the issue and don't know where to start troubleshooting.

Can someone help with this?

 

2 REPLIES

Cyber Elite

Well, for the TCP reset, you would start by going to the actual computer/server and doing a packet capture or installing Wireshark or similar software. As you are aware, these messages do not come from the FW, but from those devices. Start with the devices and look to see why they are sending those messages. If Microsoft endpoints, then you may want to contact MS to support their OS.

 

Fin does not need to be troubleshot. A tcp-fin means the session between client/server was closed properly.

aged-out means that the FW held the session open for 3600 secs (if TCP) or 30 sec (if UDP) and either side (client/server) talked and so, to save resources, the session was closed.  Again, endpoint/server caused... not by the FW.

 

N/A means not available....


Cyber Elite

@Durga.Chitturi,

Just to expand on what @SCantwell_IM already stated, generally the only one that could point to an issue with your firewall is aged-out. If you're seeing aged-out traffic on something and it's not actually working as expected, it could point towards a routing issue on your firewall.

Just to be very clear here however, just because you are seeing aged-out responses doesn't automatically mean you have a routing issue on your firewall. aged-out is a common session end reason that doesn't mean you should be looking for a problem, it just means that if someone is reporting a problem and you are seeing aged-out in the logs that it could point towards a potential routing issue. 
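
A triage sketch for the advice in the two replies above, added here as an example and not posted by anyone in the thread: it groups an exported traffic log by destination and port, then reports flows where a reset or aged-out end reason dominates, along with the starting point the replies suggest. The CSV column names, the `triage` function and its thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Starting point per end reason, paraphrased from the replies in this thread.
NEXT_STEP = {
    "tcp-rst-from-server": "packet capture on the server: it sent the reset",
    "tcp-rst-from-client": "packet capture on the client: it sent the reset",
    "aged-out": "only if the flow is reported broken: check firewall routing",
}
# tcp-fin is a clean close; the thread gives no troubleshooting step for n/a.
NO_ACTION = {"tcp-fin", "n/a"}

# Constructed sample rows; column names are assumed, match them to your export.
SAMPLE_CSV = """Source address,Destination address,Destination Port,Session End Reason
10.1.1.10,192.0.2.20,443,tcp-fin
10.1.1.11,192.0.2.20,443,tcp-fin
10.1.1.12,192.0.2.20,443,aged-out
10.1.1.10,192.0.2.30,1433,tcp-rst-from-server
10.1.1.11,192.0.2.30,1433,tcp-rst-from-server
10.1.1.12,192.0.2.30,1433,tcp-fin
10.1.1.10,198.51.100.5,8443,aged-out
10.1.1.11,198.51.100.5,8443,aged-out
10.1.1.12,198.51.100.5,8443,aged-out
10.1.1.10,192.0.2.40,22,tcp-rst-from-client
"""

def triage(csv_text, min_sessions=3, threshold=0.5):
    """Return {(dst, port): (reason, share, next_step)} for flows where one
    actionable end reason makes up more than `threshold` of the sessions."""
    per_flow = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        reason = row["Session End Reason"].strip().lower()
        per_flow[(row["Destination address"], row["Destination Port"])][reason] += 1
    findings = {}
    for flow, reasons in per_flow.items():
        total = sum(reasons.values())
        reason, count = reasons.most_common(1)[0]
        if total < min_sessions or reason in NO_ACTION or count / total <= threshold:
            continue  # too few sessions, a benign reason, or no dominant reason
        step = NEXT_STEP.get(reason, "unlisted end reason: review manually")
        findings[flow] = (reason, round(count / total, 2), step)
    return findings

if __name__ == "__main__":
    for flow, finding in triage(SAMPLE_CSV).items():
        print(flow, finding)
```

A flow listed with aged-out is not a fault by itself; as the second reply says, it matters only when someone is also reporting that the application does not work.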
