Session timer getting reset for new syn packet

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Session timer getting reset for new syn packet

L1 Bithead


I got the following scenario.

client -> Paloalto -> Server:1234

The client initiates a tcp session to server always using the same source port and same sequence number (verified in packet capture). The session time out is the default 60 minutes.


The client sometimes looses network coverage and initiates a new sync (with same source port and sequence number). But on the firewall the previous session exists and this syn packet is causing the session timer to reset. So the session is never timing out and the capture on firewall is showing that it is dropping all the new syn packets. 


We ended up having to clear the sessions manually on firewall for the client to be able to connect.


We did open ticket with support and were told that client is not following RFC (they need to stop using same source port and sequence number). But as usual the client is saying that this application is working at other sites and it is firewall issue.


Looking for some pointers on this.



See the other things I mentioned.

We will try for enchancement request. Also we are testing by lowering time out

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!