A network engineer is troubleshooting a drop in traffic from a critical application. The traffic is allowed by the security policy, but the firewall is dropping the packets. The engineer views the session log and sees that the session is being terminated due to 'tcp-non-syn'. What is the most likely cause?
- A
The TCP sequence numbers are out of order, causing the packets to be out of the expected window.
Why wrong: Out-of-order sequence numbers cause tcp-out-of-window drops, not tcp-non-syn.
- B
The NAT policy is misconfigured, causing the source IP to not be translated correctly.
Why wrong: NAT misconfiguration leads to NAT-related drops, not tcp-non-syn.
- C
The security policy uses an incorrect service object that doesn't match the application.
Why wrong: Incorrect service would cause application-mismatch, not tcp-non-syn.
- D
Asymmetric routing is causing packets to arrive at a firewall that did not see the initial SYN.
Asymmetric routing leads to tcp-non-syn drops because the firewall has no session for the non-SYN packet.