Solved: Duplicate SYN packet being dropped by FWSM

danny.lee · ‎10-29-2012

Hi,

I am a network newbie and got a question on FWSM (Version 3.2(7)). Does the FWSM by default drops duplicate SYN packet on a TCP 3 way handshake? The traffic is between the internal and external interface.

Thanks,

Network Newbie

Julio Carvajal · ‎10-29-2012

Hello Danny Lee,

No, it does not.

By default it will not drop it, It will report it but it will not drop it

Hope I could help,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎10-29-2012

Hello Danny Lee,

No, it does not.

By default it will not drop it, It will report it but it will not drop it

Hope I could help,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

danny.lee · ‎10-30-2012

Hi,

What is the command to enable the dropping of duplicate SYN packet by the FWSM.

Thanks,

Network Newbie

Julio Carvajal · ‎10-30-2012

Hello Danny,

Why would you like to drop this dupplicate SYN packets, this could cause problems if there are some SYN packets getting lost ( connections will never be stablished)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

danny.lee · ‎10-30-2012

Hi Julio,

The problem is the duplicate SYN packets are being dropped by the FWSM and caused peer reset on FTP sessions. I just want to make sure no one configured the FWSM to drop the duplicate SYN packet.

Thanks,

Dan

Julio Carvajal · ‎10-30-2012

Hello Danny,

In fact The FWSM is not able to drop dupplicate SYN packets, there is no command for that!

An IPS could drop these packets but an ASA or FWSM will not drop them as this is not a security threath,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC