Session Agged out in logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Session Agged out in logs

L0 Member

Hi Team,

 

need your support on my issue aged out and incomplet application for port 1433.

However, the policy is allow.

Need how to fix this..

Same subnet other two IPs working find ,But one of the IP is agged out

3 REPLIES 3

Cyber Elite
Cyber Elite

aged-out just means the firewall never gets a RST or FIN on TCP packets, or is common and expected on UDP traffic. Incomplete just means that not enough traffic passed to properly identify the traffic via the app-id engine. 

You really aren't providing any required information to help you here. I can assume that we're talking about a SQL server and this is TCP traffic, but that's just an assumption. Assuming that this is SQL and using TCP, then you would really want to verify in the detailed logs if you are seeing return traffic from the SQL server and ensure the SQL server isn't restricted and is actually responding to the client. 

L0 Member

if 2  IP addresses are working fine and one has issue then you can check below things:

1. Incomplete message means somehow 3 way handshake is not completed ,check if destination server is receiving packets from your source, 

2. check at you firewall if traffic of all three ip address  going through same FW policy

3.check tracert and telnet to check reachability to destination

4. check route and also check what interface packet is using to exit firewall.

 

Do let me know if you require commands to do above steps as well.

3. 

L0 Member

I will check and back to you.

  • 2103 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!