Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Packet Dropped - TCP Sequence Out Of Order

brunogabrielbrunogabriel Newbie ✭
in Mid Range Firewalls

Have to migrate an Oracle Database 12 to other DB on a remote site (LAN -> VPN)

I got this erros on packet monitor all the time and my connection is cut of after a few minutes.

I disabled "Enable support for Oracle (SQLNet)" and disabled "TCP Randomization" in diag.html.


Any ideas?

Category: Mid Range Firewalls
Reply

Comments

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @brunogabriel

    are both sides (local and remote) secured by SonicWall Appliances?

    I don't have any Oracle experience, but did you tried to "Disable DPI" on the Advanced tab of the Firewall rule allowing the traffic? Usually having this on both sides would make sure that DPI is not messing this up.

    VPN connection is stable I suppose?

    Best regards.

    --Michael@BWC

  • brunogabrielbrunogabriel Newbie ✭

    Yep, I disabled DPI on rules LAN -> VPN, VPN -> LAN

    It's supposed to be stable, tried with more then one WAN.

  • NevyadithaNevyaditha Moderator

    Hi @brunogabriel ,

    Can you confirm if the option " fix/ignore TCP malformed packets" on diag page is enabled or disabled ?

    Is there any disconnectivity issue that you experience, if there is then do you experience it after certain specific time or does it occur randomly ?

    Regards,

    Nevyaditha P

    Nevyaditha P

    Technical Support Advisor, Premier Services

  • ClemensClemens Newbie ✭

    Hello,

    I have a similar problem with some Oracle clients. On Sonicwall packets are dropped with the following message:

    "DROPPED, Drop Code: 70(Invalid TCP Flag(#1)), Module Id: 25(network), (Ref.Id: _5712_uyHtJcpfngKrRmv) 2:2)"

    I applied the workaround "Dropped packets because of "Invalid TCP Flag", the option "Enable support for Oracle (SQLNet)" is disabled (was enabled before).

    Currently we are using Oracle version 19.

    Curiously, the connection works on one client (no packets are dropped), but on two others this problem occurs.


    Is there a tip to solve the problem?

    kind regards Clemens

  • AhmedSabeqAhmedSabeq Newbie ✭

    Hi,

    I am also facing the same issue after Oracle upgrade to version 19

    DROPPED, Drop Code: 70(Invalid TCP Flag(#1)), Module Id: 25(network), (Ref.Id: _5712_txGsIboemfJqQlu), 5:26)

    This frame is a (suspected) out-of-order segment

    Called support and the only response I got is to try

    Enable Fix/ignore malformed TCP headers & Enforce strict TCP compliance with RFC 793 and RFC 1122 from Firewall Settings which didnt help.

    Any idea how I can fix this please.


    Regards,

    Ahmed

  • RobbertRobbert Newbie ✭

    just going to bump this as i'm running into the same issue with oracle version 19c


    i'm adding the original pdf from oracle here to maybe help some people

    but what i'm running into is that we have this software thats controller by third party and they cannot change the settings on the framework hence we are still running into this issue.


    Oracle19c_OOB (1).pdf


  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hi @brunogabriel


    please disable "Enable TCP sequence number randomization" options under the diag menu.


    Screen Shot 2022-07-07 at 22.16.16.png


  • ALFMXALFMX Newbie ✭

    Hello,

    Please enable "Allow TCP Urgents Packets" in access rule LAN-VPN / VPN-LAN


    image.png

    Regards

    Alfonso Rios

Sign In or Register to comment.