
Duplicate SYN packet being dropped by FWSM

Hi,

I am a network newbie and have a question on FWSM (Version 3.2(7)). Does the FWSM by default drop duplicate SYN packets in a TCP 3-way handshake? The traffic is between the internal and external interfaces.

Thanks,

Network Newbie

1 ACCEPTED SOLUTION

Hello Danny Lee,

No, it does not.

By default it will not drop it. It will report it, but it will not drop it.

Hope I could help,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

What is the command to enable the dropping of duplicate SYN packets by the FWSM?

Thanks,

Network Newbie

Hello Danny,

Why would you like to drop these duplicate SYN packets? This could cause problems if some SYN packets are getting lost (connections will never be established).

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

The problem is that the duplicate SYN packets are being dropped by the FWSM and causing peer resets on FTP sessions. I just want to make sure no one configured the FWSM to drop duplicate SYN packets.

Thanks,

Dan

Hello Danny,

In fact, the FWSM is not able to drop duplicate SYN packets; there is no command for that!

An IPS could drop these packets, but an ASA or FWSM will not drop them, as this is not a security threat.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC