Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Predictable TCP Initial Sequence Numbers Vulnerability

KosmanKosman Newbie ✭
edited April 2022 in Firewall Management and Analytics
pci_vulnerability_report_4152022.pdf

We have two locations with primary and secondary NSA 4600s. The quarterly PCI scan vulnerability report failed with "Predictable TCP Initial Sequence Numbers Vulnerability". What is the solution to this vulnerability from the firewall so we can be PCI compliant? I have attached the report. Thanks for your assistance in advance.

Category: Firewall Management and Analytics
Reply

Best Answer

  • CORRECT ANSWER
    KosmanKosman Newbie ✭
    Answer ✓

    I reached out to SonicWall support and they replied with the ff:

    "Please Navigate to the diag page of the firewall(https://IP address/diag.html) > Internal settings > enable the option "Enable TCP sequence number randomization" that should resolve this."

    I did that on all active devices, which synced to the standbys. The ASV has completed a rescan and verified that this vulnerability was resolved. We are now PCI compliant. I hope this helps someone out there.

Answers

Sign In or Register to comment.