Download of file larger than 2GB is stopped after downloading 2GB of the file due to "Dropping packet with old Ack number"
  • Download of a file larger than 2GB is stopped after downloading 2GB of the file.
  • The output of fw ctl zdebug + drop is:
    dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TCP off-path sequence inference. Dropping packet with old Ack number
  • SmartConsole logs are "Accept" for the traffic.
PSL Mechanism General Explanation:

Packets may arrive out of order or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. The Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with Passive Streaming Library (PSL) technology.
  • PSL is an infrastructure layer that provides stream reassembly for TCP connections.
  • The gateway makes sure that TCP data seen by the destination system is the same as that seen by code above PSL.
  • This layer handles packet reordering and congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks and others.
  • The PSL layer is capable of receiving packets from the firewall chain and from the SecureXL module.
  • The PSL layer serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks.
  • The PSL infrastructure is wrapped with well-defined APIs called the Unified Streaming APIs, which are used by the applications to register and access streamed data.
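
The stream-reassembly behavior described above (reordering, legitimate retransmissions, and retransmissions whose payload differs from what was already seen), as an added Python illustration. It is not Check Point's PSL code; the class, the function names and the sample segments are constructed for this example.

```python
# Added illustration; not Check Point's PSL code. All names are hypothetical.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def seq_delta(a, b):
    """Signed distance a - b in 32-bit sequence space."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d

class StreamReassembler:
    def __init__(self, isn):
        self.next_seq = isn % MOD  # sequence number of the next in-order byte
        self.delivered = 0         # bytes already handed to inspection
        self.buf = {}              # stream offset -> byte value seen so far
        self.stream = bytearray()  # the coherent stream the inspection code sees

    def feed(self, seq, payload):
        """Classify one data segment: 'new', 'retransmit', 'conflict' or 'invalid'."""
        start = self.delivered + seq_delta(seq, self.next_seq)
        if start < 0:
            return "invalid"       # claims data from before the stream began
        offs = range(start, start + len(payload))
        # An overlap must carry exactly the bytes seen earlier; otherwise the
        # receiver and the inspection code could disagree about the stream.
        if any(self.buf.get(o, b) != b for o, b in zip(offs, payload)):
            return "conflict"
        fresh = any(o not in self.buf for o in offs)
        self.buf.update(zip(offs, payload))
        while self.delivered in self.buf:  # release bytes that are now contiguous
            self.stream.append(self.buf[self.delivered])
            self.delivered += 1
            self.next_seq = (self.next_seq + 1) % MOD
        return "new" if fresh else "retransmit"

def demo():
    """Constructed sample: ISN chosen so the stream crosses the 32-bit wrap."""
    isn = 0xFFFFFFF0
    r = StreamReassembler(isn)
    segments = [
        (isn, b"GET /index"),                 # in order
        ((isn + 20) % MOD, b"/1.1\r\n"),      # arrives early (out of order)
        ((isn + 10) % MOD, b".html HTTP"),    # fills the gap
        ((isn + 10) % MOD, b".html HTTP"),    # identical retransmission
        ((isn + 10) % MOD, b".html XXXX"),    # retransmission with altered bytes
    ]
    verdicts = [r.feed(seq, data) for seq, data in segments]
    return verdicts, bytes(r.stream)

if __name__ == "__main__":
    print(demo())
```

The altered retransmission is rejected without changing the reassembled stream, so the inspection code and the destination keep seeing the same bytes.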

The traffic is being dropped by the core protection "TCP Off-Path Sequence Inference".

The default action for this protection is "Inactive". In environments in which this issue exists, the protection's action has been changed to "Drop".
