Support Center > Search Results > SecureKnowledge Details
Idle connection that was accelerated by SecureXL is dropped with "First packet isn't SYN" log after it becomes active again
Symptoms
  • "First packet isn't SYN" drop log in SmartView Tracker.

  • Disabling SecureXL resolves the issue.

  • Traffic capture, SmartView Tracker log and output of "fwaccel conn" command show that the dropped connections were accelerated by SecureXL, then were idle for more that 512 seconds and then became active again.

Cause

By design, the SecureXL mechanism does not update the TCP expiration timeout timer in FireWall kernel if the connection was idle for more than 512 consecutive seconds.


Solution
Note: To view this solution you need to Sign In .