tcp syn checking

Solution 1

From WatchGuard:

TCP SYN checking

The global TCP SYN checking setting is: Enable TCP SYN checking

This feature makes sure that the TCP three-way handshake is done before the Firebox allows a data connection.

So I imagine the WatchGuard isn't seeing the usual SYN/SYN-ACK/ACK happen for whatever reason and is killing the connection.

Solution 2

I work for WatchGuard. The SYN check is just to ensure that a TCP handshake has taken place before allowing other traffic. Even if this is turned off, we still ensure that TCP handshakes we do observe complete correctly, and it does not impact our TCP SYN Flood protection. It is safe to turn off.

It will often trigger due to TCP timeouts on the WatchGuard being shorter than the timeouts on the server/client connection. When the server/client talk again, the WatchGuard assumes the connection was closed and likes to see the TCP handshake again.
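The timeout mechanism this answer describes, as a constructed Python model added here (not WatchGuard's code or anything from the original page): a toy stateful firewall with its own idle timeout and a SYN checking switch. The addresses, ports, 30 s timeout and state names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed model of a stateful firewall's "TCP SYN checking" option.
# Names, states and the timeout are hypothetical, not WatchGuard's implementation.
HANDSHAKE = [frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})]

@dataclass
class Flow:
    stage: int          # handshake steps observed so far (3 = established)
    last_seen: float    # time of the last packet, used for idle-timeout expiry

class StatefulFirewall:
    def __init__(self, idle_timeout, syn_checking=True):
        self.idle_timeout = idle_timeout
        self.syn_checking = syn_checking
        self.flows = {}

    def _expire(self, now):
        # The firewall forgets flows idle longer than ITS timeout, even though the
        # client and server may still consider the TCP session open.
        self.flows = {k: f for k, f in self.flows.items()
                      if now - f.last_seen <= self.idle_timeout}

    def packet(self, key, flags, now):
        self._expire(now)
        flags = frozenset(flags)
        flow = self.flows.get(key)
        if flow is None:
            if flags == HANDSHAKE[0]:
                self.flows[key] = Flow(stage=1, last_seen=now)
                return "allow"
            if self.syn_checking:
                # Mid-stream packet with no handshake seen: the log's
                # "tcp syn checking failed" verdict.
                return "drop: tcp syn checking failed"
            # SYN checking off: adopt the pre-existing session without a handshake.
            self.flows[key] = Flow(stage=3, last_seen=now)
            return "allow"
        flow.last_seen = now
        if flow.stage < 3:
            # A handshake the firewall is watching must still complete in order,
            # whatever the SYN checking setting is.
            if flags == HANDSHAKE[flow.stage]:
                flow.stage += 1
                return "allow"
            return "drop: handshake out of order"
        return "allow"

def scenario(syn_checking):
    fw = StatefulFirewall(idle_timeout=30, syn_checking=syn_checking)
    key = ("10.0.0.5", 51234, "203.0.113.10", 80)   # constructed 4-tuple
    verdicts = [fw.packet(key, {"SYN"}, 0.0), fw.packet(key, {"SYN", "ACK"}, 0.1),
                fw.packet(key, {"ACK"}, 0.2), fw.packet(key, {"ACK", "PSH"}, 1.0)]
    # Peers (whose timeouts are longer) talk again after the firewall's 30 s
    # idle timeout has wiped the flow entry.
    verdicts.append(fw.packet(key, {"ACK", "PSH"}, 90.0))
    return verdicts
```

Running `scenario(True)` drops only the last packet, while `scenario(False)` allows it; in both cases an out-of-order handshake is still rejected.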

Author: OwainD

Updated on September 17, 2022

Comments

  • OwainD
    OwainD over 1 year

    I have a WatchGuard Firebox that I've recently configured. All of the policies look fine and all appropriate services seem to be working correctly.

    However, one or two (seemingly) random nodes keep getting blocked from making HTTP requests to a 1:1 NATed host that everyone else makes just fine.

    The firewall log tells me that tcp syn checking failed, and these requests use destination port 64 for clients behind the appliance, and port 50 for clients on the outside. I've finally found this option and disabled it under the Global Settings (which leaves a bad taste in my mouth), and that seems to have done the trick.

    The documentation is uber thin on the topic, though. Can anyone explain to me exactly what tcp syn checking does/is, and how I might make an appropriate allowance for it in my policies rather than globally disabling it (assuming, of course, there is a more graceful solution than a global rule)?

  • belacqua
    belacqua over 13 years
    Additionally, SYN checks on firewalls are typically done to prevent SYN floods, a denial of service attack using a flood of TCP SYN packets.
  • Andrew Eisenberg
    Andrew Eisenberg over 5 years
    If TCP SYN checking is safe to turn off, what value does it provide?