Solved

Sonicwall "TCP handshake violation detected; TCP connection dropped"

Posted on 2013-11-07
Last Modified: 2014-01-03
We manage a company that has a Sonicwall 2400 with 3 HP switches. We have various nodes that get "disconnected" from the Internet. I believe out of 100 nodes, only about 7 are having these issues. When we look at the logs on the Sonicwall it says:

TCP handshake violation detected; TCP connection dropped - Handshake Timeout

Here are the steps we have taken so far:

1) Rebooted Firewall
2) Updated Firmware on Firewall
3) Rebooted Master Switch
4) Changed Default TCP Handshake Timeout from 30 seconds to 5 min
5) Changed Default TCP Connection time from 5 min to 30 min
6) Changed SYN flood from Always Proxy WAN to Watch and Report Possible Flood

Other Symptoms:

Client could connect to httpS://www.google.com and could ping google.com but web page for http://www.google.com would load. She also had a solid VPN connection going.

Even after the above mentioned, still getting issues with "Handshake violation, TCP dropped".

Any ideas? I'm at my wit's end...

Alski
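Since only a handful of the ~100 nodes are affected, the quickest way to see which ones (and which reason the firewall reports) is to aggregate the appliance's syslog output by source host. The following Python script is an added example, not code from the original thread or from SonicWALL: it parses constructed SonicOS-style key=value log lines (the field names msg, src, dst and note follow the SonicOS syslog convention; the serial number, addresses and timestamps are made up) and counts handshake drops per LAN host and per reported reason.

```python
import re
from collections import Counter

HANDSHAKE_MSG = "TCP handshake violation detected; TCP connection dropped"

# Constructed sample in the SonicOS key=value syslog style (src/dst are ip:port:interface).
# Serial number, addresses and timestamps are made up for this example.
SAMPLE_LOG = [
    'id=firewall sn=EXAMPLESN time="2013-11-06 09:12:01" fw=203.0.113.2 pri=1 '
    'msg="TCP handshake violation detected; TCP connection dropped" '
    'src=192.168.10.37:51233:X0 dst=93.184.216.34:80:X1 note="Handshake Timeout"',
    'id=firewall sn=EXAMPLESN time="2013-11-06 09:12:05" fw=203.0.113.2 pri=1 '
    'msg="TCP handshake violation detected; TCP connection dropped" '
    'src=192.168.10.52:49870:X0 dst=93.184.216.34:80:X1 note="Handshake Timeout"',
    'id=firewall sn=EXAMPLESN time="2013-11-06 09:12:06" fw=203.0.113.2 pri=6 '
    'msg="Connection Opened" src=192.168.10.37:51240:X0 dst=93.184.216.34:443:X1',
    'id=firewall sn=EXAMPLESN time="2013-11-06 09:12:30" fw=203.0.113.2 pri=1 '
    'msg="TCP handshake violation detected; TCP connection dropped" '
    'src=192.168.10.37:51241:X0 dst=93.184.216.34:80:X1 note="Handshake Timeout"',
    'id=firewall sn=EXAMPLESN time="2013-11-06 09:13:02" fw=203.0.113.2 pri=1 '
    'msg="TCP handshake violation detected; TCP connection dropped" '
    'src=192.168.10.88:60002:X0 dst=198.51.100.7:80:X1',
]

# key=value pairs; quoted values may contain spaces and semicolons.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one SonicOS-style line into a dict, dropping the quotes around quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def summarize(lines):
    """Return (drops per source IP, drops per reported reason) for handshake-violation events."""
    by_host, by_reason = Counter(), Counter()
    for line in lines:
        fields = parse_line(line)
        if fields.get("msg") != HANDSHAKE_MSG:
            continue  # unrelated event, e.g. a normal connection open
        by_host[fields.get("src", "").split(":")[0]] += 1
        by_reason[fields.get("note", "unspecified")] += 1
    return by_host, by_reason

def affected_hosts(lines, min_events=2):
    """Source hosts hit at least min_events times: the few nodes to examine first."""
    by_host, _ = summarize(lines)
    return sorted(host for host, count in by_host.items() if count >= min_events)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(affected_hosts(SAMPLE_LOG))
```

Feed it the firewall's exported syslog instead of SAMPLE_LOG to get the real list of repeat offenders before changing any timeout.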

Accepted Solution

by: Diverse IT (earned 500 total points)
ID: 39631191
Hi Alski,

What is the SonicOS firmware version? You should upgrade, if not already, to the latest release
Have you performed any hardening on the security appliance?
What type of WAN connection is being used?

Login to the SonicWALL and go to Firewall Settings > Flood Protection, then match the following settings:

Under TCP Settings
• Enforce strict TCP compliance with RFC 793 and RFC 1122: Uncheck
• Enable TCP handshake enforcement: Uncheck
• Enable TCP checksum enforcement: Uncheck
• Enable TCP handshake timeout: Uncheck
• Default TCP Handshake Timeout: 30 seconds (default) to 5 minutes
• Default TCP Connection time: 15 minutes (default) to 30 minutes

Layer 3 SYN Flood Protection - SYN Proxy
• SYN Flood Protection Mode: select Watch and report possible SYN floods (keep this as you have indicated)

Then re-test with new connections (terminating the old ones by closing the browsers).

If that still fails to resolve the issue, follow the steps below:
• Increase the Inactivity timeout of the rules on the SonicWALL.
• VPN tunnels: You may need to increase the inactivity timeout on the LAN to VPN as well as the VPN to LAN rule to avoid timeout conditions.
• Make sure the upstream device and the source and destination computers connecting to each other do not have latency.

I'd assume you have Stealth Mode enabled? If you don't (you should), are you seeing TCP RST thereafter? You could be seeing these sent in response to a violation of TCP Handshake enforcement (e.g. where an invalid flag is received during the 3-way TCP handshaking process).

I'd also test with disabling all Security Services (if licensed, like CGSS) from ALL Zones (Network > Zones, click the configure icon and remove all applicable services). Then re-test.

Let me know how it goes and please answer the above questions in the interim.
Thanks!

Author Comment

by:Alski
ID: 39634727
I extended the Handshake from 30 seconds to 5 minutes, as well as the timeout from 5 min to 30 minutes, so far so good. If it becomes a problem again, I will check back in. Don't know why this happened all of the sudden. Fingers crossed as I am on vacation next week!

Thanks for your help!

Expert Comment

by:Diverse IT
ID: 39634804
The fact that you have to extend the timeouts from the default is suspect; it suggests that something else is going on, as I indicated in my previous post (http:#a39631191). I'd check with your ISP; they might be at the source of the issue.

Basically it's not a root-cause fix and for that reason I'm concerned. I hope it holds for you while on vacation though!