Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4503
Views
10
Helpful
3
Replies

Firewall TCP Connection Flags

deepanprasanth
Level 1
Level 1

‎05-23-2017 12:49 AM - edited ‎03-12-2019 02:24 AM

I have gone through the connection flag alphabets from Cisco website but I could not correlate them with real time connection logs. Someone please share some documents which has the clear info.

Thanks in advance,, 

Labels:
0 Helpful
3 Replies 3

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎05-23-2017 01:10 AM

Hi Deepan,

You can check this link where we have few test cases disussed:
https://www.tunnelsup.com/understanding-cisco-asa-connection-flags/


Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

mrodriguezm
Level 1
Level 1
In response to Dinesh Moudgil

‎03-09-2022 05:19 PM

Hey Networkers, there are some other flags. I found the list now in the FTD. Hope helps.

 

FTD-XXX# show conn detail
2124 in use, 40222 most used
Inspect Snort:
preserve-connection: 2111 enabled, 8 in effect, 40202 most enabled, 188 most in effect
Flags: A - awaiting responder ACK to SYN, a - awaiting initiator ACK to SYN,
b - TCP state-bypass or nailed,
C - CTIQBE media, c - cluster centralized,
D - DNS, d - dump, E - outside back connection, e - semi-distributed,
F - initiator FIN, f - responder FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - initiator data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, L - decap tunnel, M - SMTP data, m - SIP media
N - inspected by Snort (1 - preserve-connection enabled, 2 - preserve-connection in effect)
n - GUP, O - responder data, o - offloaded,
P - inside back connection, p - passenger flow
q - SQL*Net data, R - initiator acknowledged FIN,
R - UDP SUNRPC, r - responder acknowledged FIN,
T - SIP, t - SIP transient, U - up,
V - VPN orphan, v - M3UA W - WAAS,
w - secondary domain backup,
X - inspected by service module,
x - per session, Y - director stub flow, y - backup stub flow,
Z - Scansafe redirection, z - forwarding stub flow

shagunas
Cisco Employee
Cisco Employee

‎09-10-2022 11:04 AM

Hello,

Check out this article for the FTD TCP connection flags:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/218092-interpret-firepower-threat-defense-tcp-c.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card