Support Center > Search Results > SecureKnowledge Details
SYN packets are dropped by SecureXL Technical Level
Symptoms
  • SYN packets are dropped by SecureXL. The connection in the connection table is in a half closed state via a FIN/ACK from the server to client or client to server.

  • Running Kernel debug (fw ctl zdebug + drop), similar logs can be seen:
    @;3654790;[cpu_0];[SIM-206691232];update_tcp_state: invalid response to FIN;
    @;3654790;[cpu_0];[SIM-206691232];update_tcp_state: invalid state detected (current state: 0x80000, th_flags=0x2, cdir=0) -> dropping packet, conn: [<X.X.143.186,55552,X.X.143.25,443,6>][PPK0];
    @;3654790;[cpu_0];[SIM-206691232];do_inbound: Possible TCP state violation for <X.X.143.186,55552,X.X.143.25,443,6> -> dropping packet ;
    @;3654790;[cpu_0];[SIM-206691232];do_packet_finish: SIMPKT_IN_DROP vsid=0, conn:<X.X.143.186,55552,X.X.143.25,443,6>;
Cause

The Security Gateway is receiving a SYN packet on an existing half closed connection with the same five tuple in the connection table.

Client to Server connections are not closed completely before ports are reused for new connections.


Solution
Note: To view this solution you need to Sign In .