Predictable TCP Initial Sequence Numbers Vulnerability

KosmanKosman Newbie ✭

We have two locations with primary and secondary NSA 4600s. The quarterly PCI scan vulnerability report failed with "Predictable TCP Initial Sequence Numbers Vulnerability". What is the solution to this vulnerability from the firewall so we can be PCI compliant? I have attached the report. Thanks for your assistance in advance.

Category: Firewall Management and Analytics

Best Answer

    KosmanKosman Newbie ✭
    Answer ✓

    I reached out to SonicWall support and they replied with the following:

    "Please navigate to the diag page of the firewall (https://IP address/diag.html) > Internal settings > enable the option "Enable TCP sequence number randomization" that should resolve this."

    I did that on all active devices, which synced to the standbys. The ASV has completed a rescan and verified that this vulnerability was resolved. We are now PCI compliant. I hope this helps someone out there.
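
One way to sanity-check the initial sequence numbers before requesting the rescan, as an added example that is not part of the original thread and not SonicWall or ASV tooling: it reads SYN-ACK lines in the `tcpdump -n -S` text format and flags ISNs whose successive differences cluster tightly. The capture lines, the documentation-range IP addresses, and the `min_samples` and `threshold` heuristics are assumptions made for the illustration.

```python
import re
import statistics

# SYN-ACK lines as printed by `tcpdump -n -S` (absolute sequence numbers).
SYNACK = re.compile(r"Flags \[S\.\], seq (\d+),")

def extract_isns(lines):
    """Return the server-side ISNs from SYN-ACK lines, in capture order."""
    return [int(m.group(1)) for line in lines if (m := SYNACK.search(line))]

def signed_deltas(isns):
    """Consecutive ISN differences, wrapped into [-2**31, 2**31)."""
    out = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % 2**32          # sequence space is 32-bit and wraps
        out.append(d - 2**32 if d >= 2**31 else d)
    return out

def assess(isns, min_samples=6, threshold=2**24):
    """Flag ISNs as predictable when successive deltas cluster tightly.

    min_samples and threshold are assumed heuristics, not scanner values.
    """
    if len(isns) < min_samples:
        raise ValueError(f"need at least {min_samples} SYN-ACK samples")
    spread = statistics.pstdev(signed_deltas(isns))
    return {"samples": len(isns), "spread": spread,
            "predictable": spread < threshold}

def capture(isns):
    """Build constructed tcpdump lines (documentation IPs) for the given ISNs."""
    return [
        f"12:00:{i:02d}.000000 IP 192.0.2.10.443 > 198.51.100.7.{50000 + i}: "
        f"Flags [S.], seq {isn}, ack 2596996163, win 65535, length 0"
        for i, isn in enumerate(isns)
    ]

# Constructed samples: fixed 64000 step (crossing the 32-bit wrap) vs. scattered.
BEFORE = capture([(4294900000 + 64000 * i) % 2**32 for i in range(6)])
AFTER = capture([3912847561, 120984533, 2750019284,
                 884120076, 4100238817, 1673349920])

if __name__ == "__main__":
    for label, lines in (("constant-step sample", BEFORE), ("scattered sample", AFTER)):
        print(label, assess(extract_isns(lines)))
```

Feed it SYN-ACKs from separate connections to the interface the scan targets; a clean result is only an indication, and the ASV rescan remains the compliance check.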

