Getting TCP Flag(s): ACK RST on https sites
tmstar84 Newbie ✭
I just took over at a new location and trying to troubleshoot an ongoing issue with https sites going through the firewall. Its a TZ600 and the event log is giving me a 713 ID, the sites work but time out randomly making it impossible to download files or extract information from external cloud databases we use here.
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
could you use packet capture for this session. and check packet capture Module ID and Drop code details.
Ether Type: IP(0x800), Src=[18:b1:69:cd:9a:64], Dst=[98:fa:9b:55:2b:22]
IP Packet Header
IP Type: TCP(0x6), Src=[126.96.36.199], Dst=[192.168.0.157]
TCP Packet Header
TCP Flags = [ACK,RST,], Src=, Dst=, Checksum=0x1e2d
Do you have DPI-SSL enabled?
Is this what your referring to?
Yes. Just because it is licensed does not mean it is enabled.
Its showing not licensed, I'm adding it now.
So you're not using DPI-SSL for clients. No need to add or enable it, it was so us folks trying to help have a complete picture. What firmware version are you running?
Have you read: https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/
Export the capture to Wireshark to get a better picture of the complete traffic flow.
Currently its on SonicOS Enhanced 188.8.131.52-83n
For the record, the latest General Release for a TZ600 is 184.108.40.206-93n.
I'm not suggesting that it will fix your current condition, but it is worth investigating...
@tmstar84 please have a look to:
Your firewall rule number is 9 and check this rule because of your screenshot is saying drop by fw rule 9. and packet capture information was missing some info. could you send to us full packet capture screenshot?