Application being identified as "non-syn-tcp" and is allowed/blocked


Created On 04/03/19 13:29 PM - Last Modified 04/12/19 21:01 PM


Symptom


The application is identified as "non-syn-tcp".
The traffic is allowed or dropped depending on the tcp-reject-non-syn setting.



Environment


  • PAN-OS
  • Network with asymmetric routing


Cause


  • When the first packet the firewall sees for a TCP session is not a SYN, the firewall identifies the application as non-syn-tcp and either allows or drops the packet according to the tcp-reject-non-syn configuration.
  • This typically happens when there is asymmetric routing in the network: the firewall never saw the SYN because it was sent along a path that bypassed it.
  • Asymmetric routing is a situation where packets follow a different route in the outbound direction than they follow when returning in the inbound direction.
       More details can be found in the following article:
       https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSHCA0


Resolution


The solution depends on the situation.
  •  If traffic identified as non-syn-tcp is being dropped but needs to be allowed (or is being allowed but needs to be blocked), configure the tcp-reject-non-syn setting globally or on a per-zone basis. See the following article for reference:
             https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG2CAK
  •  Alternatively, change the network architecture to eliminate the asymmetric routing so the firewall sees the full TCP handshake.
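Before deciding between the global and the per-zone setting, it helps to know which zone pairs are producing the non-syn-tcp sessions and whether they are currently allowed or dropped. The script below is an added example, not part of this article or of PAN-OS; it groups non-syn-tcp sessions in a traffic-log export by zone pair and action. The log lines and the column names are constructed and simplified (a real PAN-OS CSV export has many more columns), so adjust the field names to your export.

```python
"""Summarise non-syn-tcp sessions in a traffic-log export by zone pair and action.

Added example; the sample log and its column subset are constructed, not a real
PAN-OS export format.
"""
import csv
from collections import Counter
from io import StringIO

# Constructed sample: five sessions, three of which were identified as non-syn-tcp.
SAMPLE_LOG = """\
receive_time,from_zone,to_zone,src,dst,dport,app,action
2019/04/03 13:29:01,trust,untrust,10.1.1.10,203.0.113.5,443,ssl,allow
2019/04/03 13:29:02,dmz,untrust,10.2.2.20,203.0.113.9,443,non-syn-tcp,deny
2019/04/03 13:29:03,dmz,untrust,10.2.2.21,203.0.113.9,80,non-syn-tcp,deny
2019/04/03 13:29:04,trust,dmz,10.1.1.11,10.2.2.30,22,ssh,allow
2019/04/03 13:29:05,untrust,dmz,198.51.100.7,10.2.2.30,8443,non-syn-tcp,allow
"""


def non_syn_by_zone_pair(log_text):
    """Return {(from_zone, to_zone, action): count} for non-syn-tcp sessions.

    A zone pair that dominates the count is where to look for the asymmetric
    path, and the candidate for a per-zone tcp-reject-non-syn setting instead
    of changing the global one.
    """
    counts = Counter()
    for row in csv.DictReader(StringIO(log_text)):
        if row["app"] == "non-syn-tcp":
            counts[(row["from_zone"], row["to_zone"], row["action"])] += 1
    return dict(counts)


def non_syn_share(log_text):
    """Fraction of all logged sessions that were identified as non-syn-tcp."""
    rows = list(csv.DictReader(StringIO(log_text)))
    hits = sum(1 for r in rows if r["app"] == "non-syn-tcp")
    return hits / len(rows) if rows else 0.0


if __name__ == "__main__":
    by_pair = non_syn_by_zone_pair(SAMPLE_LOG)
    for (src_zone, dst_zone, action), n in sorted(by_pair.items(), key=lambda kv: -kv[1]):
        print(f"{src_zone} -> {dst_zone}: {n} non-syn-tcp session(s), action={action}")
    print(f"non-syn-tcp share of all sessions: {non_syn_share(SAMPLE_LOG):.0%}")
```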

