- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-29-2021 07:26 AM
Hi Team,
need your support on my issue aged out and incomplet application for port 1433.
However, the policy is allow.
Need how to fix this..
Same subnet other two IPs working find ,But one of the IP is agged out
10-29-2021 03:26 PM
aged-out just means the firewall never gets a RST or FIN on TCP packets, or is common and expected on UDP traffic. Incomplete just means that not enough traffic passed to properly identify the traffic via the app-id engine.
You really aren't providing any required information to help you here. I can assume that we're talking about a SQL server and this is TCP traffic, but that's just an assumption. Assuming that this is SQL and using TCP, then you would really want to verify in the detailed logs if you are seeing return traffic from the SQL server and ensure the SQL server isn't restricted and is actually responding to the client.
10-31-2021 02:21 AM
if 2 IP addresses are working fine and one has issue then you can check below things:
1. Incomplete message means somehow 3 way handshake is not completed ,check if destination server is receiving packets from your source,
2. check at you firewall if traffic of all three ip address going through same FW policy
3.check tracert and telnet to check reachability to destination
4. check route and also check what interface packet is using to exit firewall.
Do let me know if you require commands to do above steps as well.
3.
10-31-2021 04:17 AM
I will check and back to you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!