
Default drop SSL

Good evening,

I have one question. In the live log of an SG UTM 9.7 there are some entries which read "default drop SSL".

It's a connection from an internal / external source via DNAT to one server (Citrix NetScaler) in a DMZ.

The downloaded firewall log has no entry with default drop SSL, but many entries with tcpflags="RST".

Nothing was changed on the firewall (only automatic pattern updates), but since last Friday we have this error.

Does someone have an idea why it doesn't work anymore?

Thank you very much.

Greetings, Marcel



  • Something has stopped working?
    The RST packets are mostly packets for old/lost TCP sessions.
    If someone scans your NetScaler (opens a TCP 443 session) but doesn't close it correctly, the NetScaler (and other web servers too) sends a RST packet if the session is killed at the device.
    But the firewall closes such sessions faster. So such a packet has no corresponding session... result: packet dropped.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
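
One way to check the explanation in the reply above against a downloaded firewall log, as an added example that is not part of the original posts or of any Sophos tooling: it separates dropped RSTs sent by the DMZ server from its port 443 (late resets for sessions the firewall has already expired) from every other drop. The key="value" line layout, all field names except `tcpflags`, the addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines. The key="value" layout and every field name other
# than tcpflags are assumptions; adapt them to the real log export.
SAMPLE_LOG = """\
2021:03:15-10:12:01 utm ulogd[4711]: action="drop" srcip="192.0.2.10" dstip="198.51.100.7" srcport="443" dstport="51234" tcpflags="RST"
2021:03:15-10:12:02 utm ulogd[4711]: action="drop" srcip="192.0.2.10" dstip="198.51.100.7" srcport="443" dstport="51240" tcpflags="ACK RST"
2021:03:15-10:12:09 utm ulogd[4711]: action="drop" srcip="192.0.2.10" dstip="203.0.113.50" srcport="443" dstport="40022" tcpflags="RST"
2021:03:15-10:12:11 utm ulogd[4711]: action="drop" srcip="203.0.113.50" dstip="192.0.2.10" srcport="40100" dstport="443" tcpflags="RST"
2021:03:15-10:12:15 utm ulogd[4711]: action="drop" srcip="203.0.113.99" dstip="192.0.2.10" srcport="40555" dstport="23" tcpflags="SYN"
2021:03:15-10:12:20 utm ulogd[4711]: action="accept" srcip="203.0.113.50" dstip="192.0.2.10" srcport="40101" dstport="443" tcpflags="SYN"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(PAIR.findall(line))

def classify(rec, server_ip, server_port="443"):
    """Label one record by whether it matches the late-RST pattern."""
    if rec.get("action") != "drop":
        return "not-dropped"
    if "RST" not in rec.get("tcpflags", "").split():
        return "other-drop"          # a drop that deserves its own look
    if rec.get("srcip") == server_ip and rec.get("srcport") == server_port:
        return "late-rst-from-server"  # server resetting a session the firewall forgot
    return "rst-other"

def summarize(log_text, server_ip):
    """Count records per label and late RSTs per remote peer."""
    kinds, peers = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec:
            continue
        kind = classify(rec, server_ip)
        kinds[kind] += 1
        if kind == "late-rst-from-server":
            peers[rec["dstip"]] += 1
    return kinds, peers

if __name__ == "__main__":
    kinds, peers = summarize(SAMPLE_LOG, "192.0.2.10")
    print(dict(kinds))
    print(peers.most_common())
```

If nearly all drops fall into `late-rst-from-server`, the RST entries are the session-timeout noise described in the reply and the actual outage has to be looked for elsewhere; a large `other-drop` or `rst-other` count points at traffic that needs its own review.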