TCP teardown by TCP Reset-O

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 05:24 AM - edited 03-11-2019 04:47 PM
Hello folks
Can any of you help me interpret what the following log entry means (look at the description field)?
Does the O in Reset stand for "outside" og "outgoing" or something else?
To me the the line says that 10.101.85.152 is sending the TCP RST packet. The firewall receives the packet and closes the connection. Am I correct?
Does the firewall notify the other end of the flow that the connection has been forcefully closed?
Now take a look at the image below. If I'm correct, then it appears that the client (10.101.85.152) is trying to use a connection that it had aldready closed the hard way? Or perhaps the underlying OS closed the connection without informing the application or the application ignored the nofitication?
Am I correct in my assumptions?
Any help is appreciated.
Best regards
Jesper
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 06:43 AM
Reset-O means that the Reset is from the Outside.
Here is the syslog messages for your reference:
The logs means that the firewall already torn down the connection and it receives the ACK afterwards.
