Understanding TCP Handshake violation

Description

This knowledge article explains how to interpret a TCP handshake violation and how to address the issue.

Resolution


  1. Navigate to Investigate | Event Logs and search for "TCP handshake violation detected".


  2. Run a packet capture and check the TCP flags and timestamp.


  3. Compare it to the timestamp in the event log.

    The capture only shows SYN packets being received and not being forwarded.

  4. Check the ARP table to determine whether the destination IP address is listed. This can be found under Manage | Network | ARP.

    If no ARP entry is listed, the firewall will not forward the packets.

    A TCP handshake has not occurred in this particular instance because only SYN packets are received, and therefore the 3-way handshake cannot be completed. This is a TCP handshake violation, and the connection will be dropped.
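
As an added example (not SonicWall code and not part of the original article), the comparison in steps 2 to 4 can be scripted against an exported capture: the Python below flags flows that never progressed past SYN and that started near the event-log timestamp. It assumes the capture is in classic libpcap format with Ethernet framing; the function names, the 5-second window and the sample packets are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def tcp_packets(pcap):
    """Yield (ts, src, sport, dst, dport, flags) per IPv4/TCP frame of a libpcap file."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"    # byte order from the magic
    off = 24                                                 # skip the global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                         # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]            # skip the IP header (IHL)
        if len(tcp) >= 14:
            sport, dport = struct.unpack("!HH", tcp[:4])
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            yield sec + usec / 1e6, src, sport, dst, dport, tcp[13]

def handshake_states(packets):
    """Map each client->server flow to 'syn-only', 'no-final-ack' or 'complete'."""
    flows = {}
    for ts, src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:                  # SYN or retransmitted SYN
            flows.setdefault(fwd, {"first": ts, "syns": 0, "state": "syn-only"})["syns"] += 1
        elif flags & SYN and flows.get(rev, {}).get("state") == "syn-only":
            flows[rev]["state"] = "no-final-ack"             # SYN/ACK came back
        elif flags & ACK and flows.get(fwd, {}).get("state") == "no-final-ack":
            flows[fwd]["state"] = "complete"                 # client's final ACK
    return flows

def syn_only_near(flows, event_ts, window=5.0):
    """SYN-only flows whose first SYN is within `window` s of the event-log time (assumed)."""
    return [(flow, f["syns"]) for flow, f in flows.items()
            if f["state"] == "syn-only" and abs(f["first"] - event_ts) <= window]

def _frame(ts, src, dst, sport, dport, flags):   # builds one constructed pcap record
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<4I", ts, 0, len(pkt), len(pkt)) + pkt

# Constructed sample: one completed handshake, then three SYNs that get no reply.
A, B, C = (192, 0, 2, 10), (198, 51, 100, 20), (198, 51, 100, 99)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(100, A, B, 40000, 443, SYN), _frame(100, B, A, 443, 40000, SYN | ACK),
    _frame(100, A, B, 40000, 443, ACK), _frame(200, A, C, 40001, 443, SYN),
    _frame(201, A, C, 40001, 443, SYN), _frame(203, A, C, 40001, 443, SYN)])
```

Calling `syn_only_near(handshake_states(tcp_packets(SAMPLE)), 203)` returns the single flow to 198.51.100.99 with three SYNs; the destination of each returned flow is the address to look up in the ARP table.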




