PSL Mechanism General Explanation:
Packets may arrive out of order or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. The Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with Passive Streaming Library (PSL) technology.
The traffic is being dropped by the core protection "TCP Off-Path Sequence Inference".
- PSL is an infrastructure layer that provides stream reassembly for TCP connections.
- The gateway makes sure that TCP data seen by the destination system is the same as that seen by code above PSL.
- This layer handles packet reordering and congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks, and others.
- The PSL layer is capable of receiving packets from the firewall chain and from the SecureXL module.
- The PSL layer serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks.
- The PSL infrastructure is wrapped with well-defined APIs, called the Unified Streaming APIs, which applications use to register for and access streamed data.
The default action for this protection is "Inactive". In environments in which this issue exists, the protection's action has been changed to "Drop".
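The stream reassembly described above can be illustrated with a small conceptual model. This is an added example, not Check Point code and not the PSL implementation: the class name `StreamReassembler`, the "drop on conflicting retransmission" policy and the sample segments are assumptions made for illustration, and sequence-number wraparound and pruning of acknowledged data are left out.

```python
class StreamReassembler:
    """Tracks one direction of one TCP connection (conceptual model only)."""

    def __init__(self, isn):
        self.next_seq = isn + 1    # next in-order byte expected (the SYN consumes one)
        self.seen = {}             # sequence number -> byte value already observed
        self.stream = bytearray()  # in-order data handed to the inspection layer
        self.alerts = []           # (seq, reason) for every dropped segment

    def segment(self, seq, payload):
        """Return 'accept' or 'drop' for a data segment starting at seq."""
        # A retransmission or overlap must carry the same bytes as the original.
        # Otherwise the inspection layer and the destination could end up
        # seeing different data for the same part of the stream.
        for i, b in enumerate(payload):
            old = self.seen.get(seq + i)
            if old is not None and old != b:
                self.alerts.append((seq, "overlap differs from original data"))
                return "drop"
        for i, b in enumerate(payload):
            self.seen[seq + i] = b
        # Release every byte that is now contiguous with the delivered stream;
        # out-of-order data stays buffered until the gap before it is filled.
        while self.next_seq in self.seen:
            self.stream.append(self.seen[self.next_seq])
            self.next_seq += 1
        return "accept"


def demo():
    # Constructed sample traffic: (sequence number, payload)
    r = StreamReassembler(isn=1000)
    verdicts = [
        r.segment(1006, b"WORLD"),  # arrives out of order: buffered
        r.segment(1001, b"HELLO"),  # fills the gap: both segments delivered
        r.segment(1001, b"HELLO"),  # legitimate retransmission: identical bytes
        r.segment(1006, b"EVIL!"),  # same range, different bytes: dropped
    ]
    return verdicts, bytes(r.stream), r.alerts


if __name__ == "__main__":
    print(demo())
```

The identical retransmission is accepted without changing the stream, while the segment that rewrites an already-seen range is dropped and recorded, so the inspected stream stays `HELLOWORLD`.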