cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3119
Views
0
Helpful
0
Replies

Duplicate TCP SYN with different initial sequence number - Firepower

Scott_22
Level 1
Level 1

2020-04-14T08:08:23.110663-05:00 10.162.53.13 %FTD-4-419002: Duplicate TCP SYN from zone1:x.x.x.x/47322 to zone1:x.x.x.x/21 with different initial sequence number

 

We are initiating a vulnerability scan from within our network and we receive the above syslog when the scan is running. Based on my research it appears that scanner is trying to find the ISN and the Firepower device is sending a notification. Is there a way to shun this message for the host initiating the scan? I also found that a threat defense policy can be adjusted on the ACP to disable the random sequence number feature -  connection random-sequence-number disable. Am I on the right track? I would prefer to simply shun the IP over adjusting the treat defense policy if possible. 

0 Replies 0
Review Cisco Networking for a $25 gift card