Unable to reach a specific website - "SYN, ACK" packet missing
03/26/2020
A specific website is randomly not reachable. Analyzing a packet capture, we see that the TCP 3-way handshake is not correctly established: the "SYN, ACK" reply to the "SYN" packet is missing from the handshake.
When the SonicWall is bypassed, the website is always reachable.
Possible root causes could be:
A SYN-ACK is sent, but the server is dual-homed (multiple interfaces in the same subnet) and it sends the response out of a different interface.
No SYN-ACK is sent by the server.
There is no workaround that can be applied on the SonicWall, because for security reasons the 3-way handshake must be established correctly.
Web servers are sometimes given several interfaces for "redundancy" reasons, each simply assigned an IP address from the same subnet (Windows does not prevent that)! This usually works on a local network without security devices (firewalls, load balancers, etc.), but it can cause problems if those devices are in place.
If the problem is not related to web server redundancy, one possible server-side solution is to turn off both TCP window scaling and TCP timestamps on servers that are accessible to the public.
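To confirm the symptom described above in a capture, the following added example (not SonicWall code) scans tcpdump -nn text output and reports, per server endpoint, how many SYNs were answered and which were retransmitted without ever receiving a SYN, ACK. The sample capture, its addresses and the function name handshake_summary are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format; addresses are documentation ranges.
SAMPLE = """\
10:00:00.000000 IP 192.0.2.10.51000 > 203.0.113.80.443: Flags [S], seq 100, win 64240, options [mss 1460], length 0
10:00:00.020000 IP 203.0.113.80.443 > 192.0.2.10.51000: Flags [S.], seq 900, ack 101, win 65160, options [mss 1460], length 0
10:00:00.020500 IP 192.0.2.10.51000 > 203.0.113.80.443: Flags [.], ack 901, win 502, length 0
10:00:05.000000 IP 192.0.2.10.51001 > 203.0.113.80.443: Flags [S], seq 200, win 64240, options [mss 1460], length 0
10:00:06.000000 IP 192.0.2.10.51001 > 203.0.113.80.443: Flags [S], seq 200, win 64240, options [mss 1460], length 0
10:00:08.000000 IP 192.0.2.10.51001 > 203.0.113.80.443: Flags [S], seq 200, win 64240, options [mss 1460], length 0
"""

# Matches only SYN ([S]) and SYN, ACK ([S.]) lines; everything else is skipped.
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[(S\.?)\], seq (\d+)(?:, ack (\d+))?")

def handshake_summary(text):
    """Per server endpoint: answered SYN count and SYNs that never got a SYN, ACK."""
    pending = {}                 # (client, cport, server, sport, isn) -> SYN attempts
    answered = defaultdict(int)  # "server:port" -> SYNs that received a SYN, ACK
    for line in text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags, seq, ack = m.groups()
        if flags == "S":
            key = (src, sport, dst, dport, int(seq))
            pending[key] = pending.get(key, 0) + 1  # retransmits reuse the same ISN
        elif ack is not None:
            # A valid SYN, ACK comes from the exact reversed 4-tuple and acks ISN + 1.
            key = (dst, dport, src, sport, (int(ack) - 1) % 2**32)
            if pending.pop(key, None) is not None:
                answered[f"{src}:{sport}"] += 1
    report = {}
    for (client, cport, server, sport, _), attempts in pending.items():
        entry = report.setdefault(f"{server}:{sport}", {"answered": 0, "unanswered": []})
        entry["unanswered"].append((f"{client}:{cport}", attempts))
    for server, count in answered.items():
        report.setdefault(server, {"answered": 0, "unanswered": []})["answered"] = count
    return report

if __name__ == "__main__":
    for server, stats in handshake_summary(SAMPLE).items():
        print(server, stats)
```

A server that shows both answered and unanswered SYNs in the same capture matches the "randomly not reachable" pattern; capturing on both sides of the firewall shows whether the SYN, ACK was never sent or left the server by another path.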