- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Sonicwall and TCP ZeroWindow
08/30/2021 
4 People found this article helpful
185,660 Views
Description
This article will describe the Sonicwall firewall behavior when it observes the TCP zero window alert in any TCP communication.
TCP Zero Window: When a TCP receiver's buffer begins to fill, it can reduce its receive window. If it fills, it can reduce the window to zero, which tells the TCP sender to stop sending. This is called "closing the window". Typically this indicates that the network is delivering traffic faster than the receiver can process it.
When the receiver closes its receive window, it usually means that it is receiving data faster than it can send it on the peer flow. This is normal in situations where, for example, the server-side network is faster than the client-side network, and there is a large transfer from the server to the client.
For the client-server TCP communication, zerowindow can be normal behavior and the receiver should update the TCP window automatically based on its flow.
However, Sonicwall firewall can treat this as Denial of Service attack and may reset the TCP stream if it sees the TCP zero window in the communication as shown below :
Resolution
This can be avoided by disabling a feature in the internal settings option of the Sonicwall as shown below :
Step 1: Login into Sonicwall UI.
Step2: Enter the interal settings option by changing the browser address to:
https://<ip_address>/diag.html for gen6 devices
https://<ip_Address>/sonicui/7/m/mgmt/settings/diag for gen7 devices
Step 3: Disable the option 'Protect against TCP State Manipulation DoS' and click accept
Related Articles
- Bandwidth usage and tracking in SonicWall
- How to force an update of the Security Services Signatures from the Firewall GUI
- Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.
YES
NO