Screen OS

  • 1.  TCP RST on zone

    Posted 03-01-2010 07:48

    I found that there is an option under each zone:

    enable TCP RST

     

    What is the meaning & the effect of that option?



  • 2.  RE: TCP RST on zone

    Posted 03-01-2010 12:16

    Hi

     

    I think this is used for when the firewall receives a packet that does not belong to an existing session, but does not have the SYN-flag set. Then the firewall will return a RST.

     

    Regards

    Hans



  • 3.  RE: TCP RST on zone
    Best Answer

    Posted 03-01-2010 13:49

    Hi

     

    I think my last post might need some explanation.

     

    If you have used the "set flow tcp-syn-check" command and the packet is not part of an existing session and furthermore has no SYN-flag set the firewall will drop the packet.

     

    If you at the same time have activated TCP-RST on the zone the firewall will return a RESET.

     

    I think that's how it works.

     

    Regards

    Hans
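
The behaviour described in the answer above, as a small Python model (an added example, not part of the original thread and not ScreenOS code). The names `handle` and `rfc793_reset` are hypothetical, the sample segments are constructed, and the shape of the reset follows RFC 793 reset generation, which is an assumption about how the firewall builds its RST.

```python
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int = 0
    ack: int = 0
    length: int = 0  # payload bytes

def rfc793_reset(seg):
    """Build the RST that RFC 793 prescribes for a segment matching no connection."""
    if seg.flags & ACK:
        # Offending segment carried an ACK: the reset takes its SEQ from that ACK field.
        return Segment(seg.dst, seg.dport, seg.src, seg.sport, RST, seq=seg.ack)
    # No ACK: SEQ=0 and acknowledge everything the segment occupied (FIN counts as 1).
    seg_len = seg.length + (1 if seg.flags & FIN else 0)
    return Segment(seg.dst, seg.dport, seg.src, seg.sport, RST | ACK,
                   seq=0, ack=seg.seq + seg_len)

def handle(seg, sessions, syn_check, zone_tcp_rst):
    """Return (verdict, reply) for one segment arriving in a zone.

    syn_check    models "set flow tcp-syn-check"
    zone_tcp_rst models the per-zone "enable TCP RST" option
    """
    key = (seg.src, seg.sport, seg.dst, seg.dport)
    if key in sessions or (seg.dst, seg.dport, seg.src, seg.sport) in sessions:
        return "forward", None            # belongs to an existing session
    if seg.flags & SYN:
        sessions.add(key)                 # SYN set: may open a session
        return "new-session", None
    if not syn_check:
        # Assumption: the thread does not cover this case; left to policy lookup.
        return "policy-lookup", None
    # syn-check on, no session, no SYN: dropped; a RST goes back only if the zone option is on.
    return "drop", (rfc793_reset(seg) if zone_tcp_rst else None)

# Constructed sample traffic (documentation address ranges)
OPEN = Segment("10.0.0.5", 40000, "192.0.2.10", 443, SYN, seq=1000)
STRAY_ACK = Segment("10.0.0.9", 41000, "192.0.2.10", 443, ACK, seq=5000, ack=7000)
STRAY_FIN = Segment("10.0.0.9", 41001, "192.0.2.10", 443, FIN, seq=5000)
```

With the zone option off, the sender of a stray segment sees only silence and retransmits until it times out; with it on, the sender is told straight away that no session exists.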