TCP SYN checking exception
Is there a way to create an exception rule for TCP SYN packet and connection state verification?
I am having a problem with two systems that function as system log aggregators and have persistent connections over a BOVPN. When that VPN rekeys or drops for a moment, all traffic continues over the BOVPN as expected except these two log aggregators. These servers each have a single NIC with a single IP. Rebooting these servers is not always possible. The only solution I have is to stop the log collection service for an hour and then restart it.
The WatchGuard blocks traffic to the source IP with the following reason:
tcp invalid connection state
pr_info=offset 5 AF 2760075664 win 128