This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Security Policies in Firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Security Policies in Firewall

Durga.Chitturi
L0 Member

‎04-06-2021 02:59 PM

How to troubleshoot when we get sessions end reasons: 

Tcp-rst-Server

Tcp-rst- client 

Tcp-fin 

n/a

Aged out 

 

I know what all these but I don't know how to troubleshoot the issue and don't know where to start  troubleshoot 

Can someone help on this. 

 

0 Likes Likes
2 REPLIES 2

S.Cantwell
Cyber Elite
Cyber Elite

‎04-06-2021 07:11 PM

Well, for the TCP reset, you would start by going to the actual computer/server and do a packet capture or install Wireshark or similar software.  As you are aware, these messages do not come from the FW, but from those devices.  Start with the devices and look to see why they are sending those messages.  If Microsoft endpoints, then you may want to contact MS to support their OS.

 

Fin does not need to be troubleshoot.  A tcp-fin means the sessions between client/server was closed properly.

aged-out means that the FW held the session open for 3600 secs (if TCP) or 30 sec (if UDP) and either side (client/server) talked and so, to save resources, the session was closed.  Again, endpoint/server caused... not by the FW.

 

N/A means not available....

Help the community: Like helpful comments and mark solutions
0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎04-07-2021 09:54 AM

@Durga.Chitturi,

Just to expand on what @S.Cantwell already stated, generally the only one that could point to an issue with your firewall is aged-out. If you're seeing aged-out traffic on something and it's not actually working as expected, it could point towards a routing issue on your firewall.

Just to be very clear here however, just because you are seeing aged-out responses doesn't automatically mean you have a routing issue on your firewall. aged-out is a common session end reason that doesn't mean you should be looking for a problem, it just means that if someone is reporting a problem and you are seeing aged-out in the logs that it could point towards a potential routing issue. 

0 Likes Likes
  • 1719 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks