When a device sends TCP packets with the URG flag set, the firewall drops them as "Invalid TCP flag", which interrupts TCP communication. This article shows how to allow these packets using security policy rules on a firewall running in policy mode.
By default, the firewall drops TCP packets with the URG flag set as a security measure.
The firewall has an "Allow TCP Urgent Packets" option. It can be enabled for specific traffic using security policy rules, as shown below.
1. Navigate to POLICY|Rules and Policies|Security Policy. Click on "Add" and then "Top" to add a new policy with higher priority.
2. To apply this rule to specific traffic, make sure to select the appropriate Zone/Interface, Address and Port/Services.
3. The "Allow TCP Urgent Packets" option is available in the Security Action Profile. It can be enabled in the existing custom Security Action Profile (which can be accessed by navigating to OBJECT|Action Profiles|Security Action Profile). Otherwise, a new profile can be created as follows.
4. Click on the "Miscellaneous" tab, enable the "Allow TCP Urgent Packets" setting and click Save.
NOTE: Make sure to configure the remaining settings in this new Action Profile as needed. As an alternative, an existing profile can also be cloned to a new one. This option is available at OBJECT|Action Profiles|Security Action Profile.
5. Click on "Add" to add this new rule.
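Because the rule should cover only the traffic that needs it, it helps to know exactly which flows carry the URG flag before choosing the Address and Port/Services values. The following is an added example, not part of the original article or of the firewall's tooling: it parses raw IPv4/TCP packet bytes and counts URG-flagged segments per source, destination and destination port. The helper names and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

URG = 0x20  # URG bit in the TCP flags byte

def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, flags, urg_ptr), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                    # bad header, not TCP, or truncated
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]
    (urg_ptr,) = struct.unpack("!H", pkt[ihl + 18:ihl + 20])
    return src, dst, sport, dport, flags, urg_ptr

def urg_flows(packets):
    """Count URG-flagged segments per (src, dst, dport) to scope the policy rule."""
    flows = Counter()
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed and parsed[4] & URG:
            src, dst, _sport, dport, _flags, _ptr = parsed
            flows[(src, dst, dport)] += 1
    return flows

def build(src, dst, sport, dport, flags, urg_ptr=0):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, urg_ptr)
    return ip + tcp

# Constructed sample capture (not real traffic).
SAMPLE = [
    build("192.0.2.10", "198.51.100.5", 40001, 23, 0x38, 1),   # PSH|ACK|URG
    build("192.0.2.10", "198.51.100.5", 40001, 23, 0x10),      # ACK only
    build("192.0.2.10", "198.51.100.5", 40001, 23, 0x38, 1),   # PSH|ACK|URG
    build("192.0.2.11", "198.51.100.5", 40002, 513, 0x30, 1),  # ACK|URG
    b"\x45\x00",                                               # truncated, ignored
]

if __name__ == "__main__":
    for (src, dst, dport), n in sorted(urg_flows(SAMPLE).items()):
        print(f"{src} -> {dst}:{dport}  URG segments: {n}")
```

The resulting source, destination and port tuples map directly to the Address and Port/Services fields of the rule in step 2.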