5 Replies Latest reply on Mar 30, 2015 9:28 AM by mike18

    There are too many out of order segments in TCP

    mike18

      Hi Everyone,

       

      We have vendor at site who uses SSL VLN he is having disconnection issues.

      Traffic flows via Mcafee firewall

       

      log shows

       

       

      +0000",fac=f_kernel,area=a_nil_area,type=t_attack,pri=p_major,hostname=FWM300,ca tegory=dos,event="TCP max segments;reassembly",src_geo=US,srcip=200.x.x.x,srcport=443,srczone=external,ds tip=192.168.x.x,dstport=18229,attackip=200.x.x.x,attackport=443,attackzone=exter nal,protocol=6,interface=1-0,reason="There are too many out of order segments in TCP reassembly processing."

       

      where 200.x.x.x is VPN server IP

      192.168.x.x is user PC IP

       

      Need to confirm if Mcafee is dropping the traffic?

       

      Regards

      Mike