aged-out just means the firewall never gets a RST or FIN on TCP packets, or is common and expected on UDP traffic. Incomplete just means that not enough traffic passed to properly identify the traffic via the app-id engine.
You really aren't providing any required information to help you here. I can assume that we're talking about a SQL server and this is TCP traffic, but that's just an assumption. Assuming that this is SQL and using TCP, then you would really want to verify in the detailed logs if you are seeing return traffic from the SQL server and ensure the SQL server isn't restricted and is actually responding to the client.
if 2 IP addresses are working fine and one has issue then you can check below things:
1. Incomplete message means somehow 3 way handshake is not completed ,check if destination server is receiving packets from your source,
2. check at you firewall if traffic of all three ip address going through same FW policy
3.check tracert and telnet to check reachability to destination
4. check route and also check what interface packet is using to exit firewall.
Do let me know if you require commands to do above steps as well.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!