SRX


TCP-RST

  • 1.  TCP-RST

    Posted 06-23-2017 17:35

    Why do I need to enable this feature? Will it protect me from an attack or something?



  • 2.  RE: TCP-RST
    Best Answer

    Posted 06-23-2017 18:23

    Hello,

    The first packet of any TCP communication is always a TCP SYN.

    If the firewall receives a packet for which it does not have any session, then it has to be a TCP SYN packet, with which the firewall can decide whether to create a new session or drop it.

    But if that packet is not a TCP SYN, the firewall ideally should drop it, as it could be an attack or the result of asymmetric routing.

    Either the firewall can drop it silently or it can send a TCP RST to the sender of that packet. With tcp-rst on the zone, it sends a TCP RST packet back.

    Regards,

    Rushi


  • 3.  RE: TCP-RST

    Posted 06-23-2017 18:28

    Salute :)



  • 4.  RE: TCP-RST

    Posted 06-23-2017 18:28

    Hi AhmedMohamed,

    This feature is not to protect you against an attack. When the FW receives traffic for a non-existent session or a TCP first packet without the SYN flag set, the FW will silently discard the packet. The source will never know this traffic has been dropped on the FW. With this feature enabled we are forcing the FW to send a reset flag and notify the source that the traffic has been dropped.

    Regards,

    Anand

    Please mark my solution as Accepted if it helped; kudos are appreciated too.
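A small model of the decision both answers above describe, added here as an illustration (it is not SRX code and not something either poster wrote): a packet that matches an existing session is forwarded, a SYN with no session creates one, and any other packet with no session is dropped, either silently or with a TCP RST sent back to the original sender when the zone's tcp-rst option is on (on Junos that option is `set security zones security-zone <zone> tcp-rst`). The `Packet` and `ZoneFirewall` names, the sample addresses and the fact that new sessions are created without a policy lookup are assumptions of this example, chosen to keep the session-state logic in view.

```python
"""Toy stateful-firewall model of the zone-level tcp-rst behaviour.

Added illustration, not SRX code: it only shows how a packet with no
matching session is treated with and without tcp-rst enabled.
"""
from dataclasses import dataclass, field

# TCP flag bits (same values as in the TCP header)
SYN = 0x02
RST = 0x04
ACK = 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass
class ZoneFirewall:
    # tcp_rst=True corresponds to "set security zones security-zone <zone> tcp-rst"
    tcp_rst: bool = False
    sessions: set = field(default_factory=set)
    # Packets the firewall itself emitted (the RSTs), so a caller can inspect them
    sent: list = field(default_factory=list)

    @staticmethod
    def _key(p: Packet) -> tuple:
        # A session is bidirectional: normalise the 4-tuple so the reply
        # direction (dst->src) matches the same session entry.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def handle(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.sessions:
            # Normal stateful path: the session already exists.
            return "forward"
        if p.flags & SYN and not p.flags & ACK:
            # First packet of a new TCP connection. A real firewall would run a
            # policy lookup here; this toy (assumption) simply creates the session.
            self.sessions.add(key)
            return "forward (new session)"
        # Non-SYN packet with no session: out-of-state traffic, e.g. the result
        # of asymmetric routing or a stray/probe packet. Without tcp-rst it is
        # silently discarded; with tcp-rst a RST/ACK goes back to the sender.
        if self.tcp_rst:
            self.sent.append(Packet(p.dst, p.dport, p.src, p.sport, RST | ACK))
            return "drop (RST sent)"
        return "drop (silent)"


def demo(tcp_rst: bool) -> list:
    """Run a constructed packet sequence through the model and return the decisions."""
    fw = ZoneFirewall(tcp_rst=tcp_rst)
    # Constructed sample traffic: a mid-stream ACK with no session, then a
    # proper three-way handshake start and its reply.
    pkts = [
        Packet("10.0.0.5", 40000, "192.0.2.10", 443, ACK),          # no session, not SYN
        Packet("10.0.0.5", 40001, "192.0.2.10", 443, SYN),          # new session
        Packet("192.0.2.10", 443, "10.0.0.5", 40001, SYN | ACK),    # reply, matches session
    ]
    return [fw.handle(p) for p in pkts]


if __name__ == "__main__":
    print("tcp-rst off:", demo(False))
    print("tcp-rst on: ", demo(True))
```

The only difference between the two runs is the first decision: the out-of-state ACK is discarded in both cases, but with tcp-rst on the sender is told about it, which is exactly the trade-off the thread describes (faster failure for the legitimate sender of asymmetrically routed traffic versus confirming to any sender that a device is listening there).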