Hi
I think my last post might need some explanatioon.
If you have used the "set flow tcp-syn-check" command and the packet is not part of an existing session and furthermore has no SYN-flag set the firewall will drop the packet.
If you at the same time has activated TCP-RST on the zone the firewall will return a RESET.
I thnk thats how it works
Regards
Hans