Hey Gene,
This functionality basically sets the action on how the TCP state machine should process a unexpected TCP packets. Here's the detailed description from our latest 3.2 Configuration Reference Guide:
Valid values: allow, block, reset.
Default: reset.
This governs the behavior of a router's TCP state machine when receiving unexpected packets. When set to 'reset', if a router receives a TCP packet that does not match any session-in progress and the SYN flag is not set, or it receives a packet that does match a session in progress but it does not conform to the router's TCP state machine (e.g., the sequence number is outside the expected window), the router will send a RST back to the sender. Setting this field to 'allow' causes the router to pass non-SYN first packets and non-conforming packets (per the TCP state machine's expectations). The 'block' setting causes the router to silently discard non-SYN first packets and non conformant packets (again, per the state machine).
------------------------------
Adam Morris
Sales Engineer
WA
(206) 617-4999
------------------------------
Original Message:
Sent: 12-11-2018 09:17
From: Gene Shtirmer
Subject: Transport State Enforcement options
In a service policy there a setting called Transport State Enforcement, which is by default configured as "reset". Other possible values are "allow" and "block". Can I get some additional details around the use case, which this setting addresses, and how each value changes the behavior?
------------------------------
Gene Shtirmer
Sales Engineer
Randolph NJ
------------------------------