For details on cookie usage on our site, read our Privacy Policy
Session timer getting reset for new syn packet
- LIVEcommunity
- Discussions
- General Topics
- Session timer getting reset for new syn packet
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Session timer getting reset for new syn packet
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-29-2021 09:57 PM - edited 06-29-2021 10:25 PM
Hi,
I got the following scenario.
client -> Paloalto -> Server:1234
The client initiates a tcp session to server always using the same source port and same sequence number (verified in packet capture). The session time out is the default 60 minutes.
The client sometimes looses network coverage and initiates a new sync (with same source port and sequence number). But on the firewall the previous session exists and this syn packet is causing the session timer to reset. So the session is never timing out and the capture on firewall is showing that it is dropping all the new syn packets.
We ended up having to clear the sessions manually on firewall for the client to be able to connect.
We did open ticket with support and were told that client is not following RFC (they need to stop using same source port and sequence number). But as usual the client is saying that this application is working at other sites and it is firewall issue.
Looking for some pointers on this.
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-01-2021 03:32 AM
See the other things I mentioned.
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-01-2021 03:42 AM
We will try for enchancement request. Also we are testing by lowering time out
- What is Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack" in Threat & Vulnerability Discussions
- Where to see graphs of peak bandwidth usage? in Next-Generation Firewall Discussions
- Global Protect Virtual adapter not installed on ARM64 win 11 device in GlobalProtect Discussions
- IKE phase 1 not working in General Topics
- Sending monitoring information from firewall to Panorama in Panorama Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
