Sunday, February 17, 2013

Illegal post SYN packet

Symptoms: fw ctl zdebug shows drops like: _tcstate_update Reason: Illegal post SYN packet;

Any packet from the client other than a SYN or RST is treated as a security issue: the firewall assumes the client is sending packets before the server has responded to the initial SYN.
To allow such unexpected packets, enable the related kernel parameter on the Security Gateway.
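Before relaxing the TCP state check it is worth confirming from a saved zdebug capture that the drops really carry this reason and not something else (a rulebase drop, for instance), since fw_allow_out_of_state_post_syn applies to every connection through the gateway. The following is an added example, not part of the original post: two small shell functions that count drop reasons in a captured zdebug text file. The sample lines are constructed to resemble the message quoted above; the exact field layout of a real capture may differ.

```shell
# Added example (not from the original post): summarise drop reasons from a saved
# zdebug capture so the symptom can be confirmed before any kernel parameter is changed.

count_drop_reasons() {
    # $1: path to a text file holding zdebug output
    # prints "<count> <reason>" lines, most frequent first
    sed -n 's/.*Reason: \([^;]*\);.*/\1/p' "$1" | sort | uniq -c | sort -rn | sed 's/^ *//'
}

post_syn_drops() {
    # number of lines whose drop reason is exactly "Illegal post SYN packet"
    # (grep -c exits 1 when the count is 0, so force a success status)
    grep -c 'Reason: Illegal post SYN packet;' "$1" || true
}

# Constructed sample capture (assumption: real output has more fields than this)
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
;[cpu_0];[fw4_0];fw_log_drop: Packet proto=6 10.0.0.5:51234 -> 10.0.1.20:443 dropped by _tcstate_update Reason: Illegal post SYN packet;
;[cpu_0];[fw4_0];fw_log_drop: Packet proto=6 10.0.0.5:51235 -> 10.0.1.20:443 dropped by _tcstate_update Reason: Illegal post SYN packet;
;[cpu_1];[fw4_1];fw_log_drop: Packet proto=6 10.0.0.9:40000 -> 10.0.1.30:22 dropped by fw_handle_first_packet Reason: Rulebase drop;
EOF

count_drop_reasons "$SAMPLE"
post_syn_drops "$SAMPLE"
```

Run it against a file produced by redirecting the zdebug output; if the post SYN reason dominates and the affected flows are ones you expect (asymmetric paths, long idle connections), the parameter described in this post is the relevant knob.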

Check the current value with:
# fw ctl get int fw_allow_out_of_state_post_syn

# fw ctl set int fw_allow_out_of_state_post_syn 1        (activate on the fly)
# fw ctl set int fw_allow_out_of_state_post_syn 0        (deactivate on the fly)

If this resolves the issue, make the setting persistent across reboots.
Create the $FWDIR/boot/modules/fwkern.conf file if it doesn't exist; this file is not present by default.

[Expert@testfw]# cd $FWDIR/boot/modules/
[Expert@testfw]# pwd
/opt/CPsuite-R7X/fw1/boot/modules
[Expert@testfw]# vi fwkern.conf

fw_allow_out_of_state_post_syn=0x1

Define the parameter with its hex value.
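Editing fwkern.conf by hand works, but a second edit later easily leaves two lines for the same parameter. The following is an added example, not part of the original post: a shell function that creates the file if needed and sets the parameter once, updating the existing line instead of appending a duplicate. The file path is a parameter so it can be tried on a scratch file; on a gateway it would be $FWDIR/boot/modules/fwkern.conf, and the value only takes effect on the next reboot (use fw ctl set int for the running kernel, as shown above).

```shell
# Added example (not from the original post): idempotently set a parameter in fwkern.conf.

set_fwkern_param() {
    # $1: path to fwkern.conf   $2: parameter name   $3: value in hex, e.g. 0x1
    conf=$1; name=$2; value=$3
    [ -f "$conf" ] || : > "$conf"               # file does not exist by default
    if grep -q "^${name}=" "$conf"; then
        # parameter already present: rewrite its value in place (portable, no sed -i)
        tmp=$(mktemp)
        sed "s/^${name}=.*/${name}=${value}/" "$conf" > "$tmp"
        cat "$tmp" > "$conf"                    # keep the original file's permissions
        rm -f "$tmp"
    else
        printf '%s=%s\n' "$name" "$value" >> "$conf"
    fi
}

get_fwkern_param() {
    # print the value stored for parameter $2 in file $1 (empty if unset)
    sed -n "s/^$2=//p" "$1"
}

# Try it on a scratch file rather than the live fwkern.conf
SCRATCH=$(mktemp)
set_fwkern_param "$SCRATCH" fw_allow_out_of_state_post_syn 0x1
set_fwkern_param "$SCRATCH" fw_allow_out_of_state_post_syn 0x0   # updates, does not append
cat "$SCRATCH"
```

After editing the real file, compare it with fw ctl get int after the reboot to confirm the kernel picked up the value you expected.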