Since R80.20, the Security Gateway generates predictable TCP sequence numbers in some cases, as a result of a functionality bug.
This might happen when using the following blades/protections (for example):
- HTTPS Inspection for HTTPS connections
- ‘Header spoofing’ IPS protection
- User web portals on Security Gateway
Because these types of connections are encrypted in most cases, an attacker could use this only to spoof a reset, not to hijack a session.
If successful, it could disconnect a specific connection.
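The following is an added example, not Check Point code: a check a defender can run over the initial sequence numbers (ISNs) of consecutive connections answered by the gateway, for instance taken from the SYN/ACK packets in a capture, to see whether the next value is predictable from the previous one. The page does not describe the pattern of the predictable values, so the counter-like sample, the function names and the 24-bit threshold are assumptions.

```python
# Added example: flag predictable TCP initial sequence numbers (ISNs).
# Sample data is constructed; names and threshold are hypothetical.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def signed_deltas(isns):
    """Differences between consecutive ISNs, wrapped into [-2^31, 2^31)."""
    out = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        out.append(d - MOD if d >= MOD // 2 else d)
    return out


def guess_space_bits(isns):
    """Bits of uncertainty left in the next ISN once the previous one is known.

    A sound generator (RFC 6528 style, different peers) leaves close to
    32 bits; a counter-driven or clock-driven generator leaves only a few.
    """
    deltas = signed_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISNs")
    return (max(deltas) - min(deltas)).bit_length()


def assess(isns, min_bits=24):
    """Return the measured uncertainty and a verdict against min_bits."""
    bits = guess_space_bits(isns)
    return {"bits": bits, "predictable": bits < min_bits}


# Constructed sample: ISNs that advance by about 64000 per connection,
# including a wrap past 2^32.
COUNTER_LIKE = [(0xFFFF0000 + i * 64000 + jitter) % MOD
                for i, jitter in enumerate([0, 17, 5, 40, 23, 8])]

# Constructed sample: ISNs with no visible relation between connections.
RANDOM_LIKE = [0x1A2B3C4D, 0x9F00E123, 0x03C4D5E6,
               0x7788AA10, 0xE1F20304, 0x4455CCDD]

if __name__ == "__main__":
    for name, sample in (("counter-like", COUNTER_LIKE),
                         ("random-like", RANDOM_LIKE)):
        print(name, assess(sample))
```

Running the same check on a capture taken after the upgrade gives a before/after comparison for the gateway-originated connections listed above.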
This problem was fixed. The fix is included in:
Check Point recommends always upgrading to the most recent version.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.