Solved

Sonicwall - NSA 2400 TCP Handshake Violation

Posted on 2013-11-04
3
8,214 Views
Last Modified: 2013-11-08
Good morning,
I have a Sonciwall NSA 2400 with multiple Sub Interfaces/VLAN's.  One of these VLAN's hosts an WIN2K8 RDS Server.  When users logon and try to access the internet, loads of the below errors get logged on the Sonicwall.  The users web connections never resolve properly.  

We have tried.

 1.  Turning off TCP timeout.
 2.  Disable Content Filtering


Any ideas?

1      11/04/2013 11:11:21.384      Debug      Network      TCP packet received on non-existent/closed connection; TCP packet dropped      20.0.201.8, 51782, X2:V201      207.240.254.97, 443, X1      TCP Flag(s): ACK              
2      11/04/2013 11:10:21.192      Debug      Network      TCP packet received on non-existent/closed connection; TCP packet dropped      20.0.201.8, 51746, X2:V201      207.240.254.97, 443, X1      TCP Flag(s): ACK              
3      11/04/2013 11:08:51.704      Debug      Network Access      Broadcast packet dropped      20.0.201.8, 0, X2:V201      20.0.201.255, 20584      Protocol:137              
4      11/04/2013 11:05:56.128      Notice      Network Access      TCP handshake violation detected; TCP connection dropped      20.0.201.8, 51604, X2:V201      192.168.0.23, 8059, X1      Handshake Timeout              
5      11/04/2013 11:05:43.880      Debug      Network Access      Broadcast packet dropped      20.0.201.8, 0, X2:V201      20.0.201.255, 20584      Protocol:137              
6      11/04/2013 11:04:51.160      Notice      Network Access      TCP handshake violation detected; TCP connection dropped      20.0.201.8, 51563, X2:V201      192.168.20.27, 445, X1      Handshake Timeout              
7      11/04/2013 11:04:39.544      Debug      Network      TCP packet received on non-existent/closed connection; TCP packet dropped      20.0.201.8, 51316, X2:V201      143.166.83.190, 80, X1      TCP Flag(s): ACK              
8      11/04/2013 11:03:01.112      Notice      Network Access      TCP handshake violation detected; TCP connection dropped      20.0.201.8, 51499, X2:V201      192.168.0.23, 8059, X1      Handshake Timeout              
9      11/04/2013 11:02:59.144      Debug      Network      TCP packet received on non-existent/closed connection; TCP packet dropped      20.0.201.8, 51449, X2:V201      64.18.20.10, 80, X1      TCP Flag(s): ACK
0
Comment
Question by:GeminiTechnology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39621678
Hi GeminiTechnology,

What is the SonicOS firmware version? (you most likely need to upgrade your firmware)
Have you performed any hardening on the security appliance?
What type of WAN connection is being used?

This Log message is displayed when the SonicWALL firewall receives a TCP packet after a particular connection was closed.

This is a generic error message as there are a number of root causes that can create this error. For example: A packet was delayed in transition for some reason and reaches the SonicWALL after the connection was closed. The SonicWALL Firewall drops the packet and logs the message.

Login to the SonicWALL and go to Firewall Settings > Flood Protection then match the following settings:
Under TCP Settings
• Enforce strict TCP compliance with RFC 793 and RFC 1122: Uncheck
        • Enable TCP handshake enforcement: Uncheck
• Enable TCP checksum enforcement: Uncheck
• Enable TCP handshake timeout: Uncheck
Layer 3 SYN Flood Protection - SYN Proxy
• SYN Flood Protection Mode: select Watch and report possible SYN floods
Then re-test with new connections (terminating the old ones by closing the browsers).

If that still fails to resolve, follow below:
Increase the Inactivity timeout of the rules on the SonicWALL.
VPN tunnels: You may need to increase activity timeout on the LAN to VPN as well as the VPN to LAN rule to avoid timeout conditions.
Make sure the upstream device, source and destination computers connecting to each other do not have latency.

Let me know how it goes and please answer the above questions in the interim.
Thanks!
0
 

Author Closing Comment

by:GeminiTechnology
ID: 39633304
Thank you!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39634254
You're welcome! Glad I could help...thanks for the points!
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your computer hacked? learn how to detect and delete malware in your PC
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question