Getting TCP Flag(s): ACK RST on https sites
tmstar84
Newbie ✭
I just took over at a new location and am trying to troubleshoot an ongoing issue with https sites going through the firewall. It's a TZ600 and the event log is giving me a 713 ID; the sites work but time out randomly, making it impossible to download files or extract information from external cloud databases we use here.
Category: Entry Level Firewalls
Answers
Could you use packet capture for this session, and check the packet capture Module ID and Drop code details?
Packet Detail
Ethernet Header
Ether Type: IP(0x800), Src=[18:b1:69:cd:9a:64], Dst=[98:fa:9b:55:2b:22]
IP Packet Header
IP Type: TCP(0x6), Src=[20.112.217.45], Dst=[192.168.0.157]
TCP Packet Header
TCP Flags = [ACK,RST,], Src=[443], Dst=[60158], Checksum=0x1e2d
Application Header
HTTPS
Value:[0]
Forwarded 2:2)
Do you have DPI-SSL enabled?
Is this what you're referring to?
Yes. Just because it is licensed does not mean it is enabled.
It's showing not licensed, I'm adding it now.
So you're not using DPI-SSL for clients. No need to add or enable it; it was so us folks trying to help have a complete picture. What firmware version are you running?
Have you read: https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/
Export the capture to Wireshark to get a better picture of the complete traffic flow.
Also: https://www.sonicwall.com/support/knowledge-base/how-to-troubleshoot-packet-drops-and-isp-wan-connectivity-issues/210607115639220/
Currently it's on SonicOS Enhanced 6.5.4.7-83n
For the record, the latest General Release for a TZ600 is 6.5.4.9-93n.
I'm not suggesting that it will fix your current condition, but it is worth investigating...
@tmstar84 please have a look at:
--Thomas
Your firewall rule number is 9; check this rule, because your screenshot is saying drop by fw rule 9. Also, the packet capture information was missing some info. Could you send us a full packet capture screenshot?