External Firebox tcp syn checking failed (expecting SYN packet for new TCP connection, but received

Hi,

Just wondering if anyone can help. My colleague and I have inherited a Firebox T15. All has been fine for the last year and we've never really touched it. Today a few of our users have been unable to access https://office.services.xerox.com.

When we checked the logs, we get the following when trying to access it.

2024-05-23 08:32:51 Deny 52.97.129.226 62.232.114.98 60365/tcp 443 60365 External Firebox tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, or RST instead). 40 243 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 5 R 4069989142 win 8211

Does anyone know anything about getting this to work?

Just to note, if we bypass the T15 we're able to access the site.
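An added triage helper, not part of the thread and not WatchGuard's own code: it parses traffic-log lines in the layout of the Deny line quoted above (the field names such as `in_if`, `pkt_len` and `ttl` are my assumptions from that layout, not WatchGuard documentation), tolerates the cut-off `tcp_info` value, and counts `msg_id="3000-0148"` denies per remote host and local destination. That shows at a glance whether the out-of-state packets all arrive from one remote server on the External interface, as in the sample, or from many. The second and third log lines are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Layout inferred from the sample line in the post (field names are assumptions):
#   date time action src_ip dst_ip src_port/proto dst_port xlated_port in_if out_if
#   message pkt_len ttl (policy) key="value" ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+)/(?P<proto>\w+) (?P<dport>\d+) (?P<xport>\d+) "
    r"(?P<in_if>\S+) (?P<out_if>\S+) "
    r"(?P<msg>.*?) (?P<pkt_len>\d+) (?P<ttl>\d+) "
    r"\((?P<policy>[^)]*)\)\s*(?P<kv>.*)$"
)
# Closing quote is optional: the sample line is truncated inside tcp_info="...".
KV_RE = re.compile(r'(\w+)="([^"]*)')

# Message id of the "tcp syn checking failed" deny, as shown in the post.
SYN_CHECK_MSG_ID = "3000-0148"

SAMPLE_LOG = [
    # Line taken from the post.
    '2024-05-23 08:32:51 Deny 52.97.129.226 62.232.114.98 60365/tcp 443 60365 External Firebox '
    'tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, '
    'or RST instead). 40 243 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" '
    'tcp_info="offset 5 R 4069989142 win 8211',
    # Constructed: a second hit from the same remote host a few seconds later.
    '2024-05-23 08:32:54 Deny 52.97.129.226 62.232.114.98 60366/tcp 443 60366 External Firebox '
    'tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, '
    'or RST instead). 40 243 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148" '
    'tcp_info="offset 5 R 4069989150 win 8211"',
    # Constructed: an ordinary allowed outbound connection in the same layout; must be ignored.
    '2024-05-23 08:33:02 Allow 10.0.1.25 52.97.129.226 50212/tcp 443 50212 Trusted External '
    'Allowed 60 63 (Outgoing-00) proc_id="firewall" rc="100"',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one Firebox traffic-log line into named fields; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    kv = rec.pop("kv")
    rec.update(dict(KV_RE.findall(kv)))  # proc_id, rc, msg_id, tcp_info ...
    return rec


def syn_check_failures(lines: List[str]) -> Counter:
    """Count denied SYN-check failures per (remote src, local dst, dst port)."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "Deny" and rec.get("msg_id") == SYN_CHECK_MSG_ID:
            counts[(rec["src"], rec["dst"], rec["dport"])] += 1
    return counts


def summarize(lines: List[str]) -> Dict[str, object]:
    """Condense the failures into what you want to know first during triage."""
    counts = syn_check_failures(lines)
    peers = sorted({src for (src, _, _) in counts})
    return {
        "events": sum(counts.values()),
        "remote_peers": peers,          # one peer => a single broken session/path
        "by_tuple": dict(counts),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against an export of the Firebox traffic log instead of `SAMPLE_LOG` to see whether the denies cluster on a single remote host and destination (one stale or asymmetric flow) or spread across many peers (a more general state-tracking problem).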

Comments

  • FYI - access to that site works for me. T20, Fireware V12.10.3

    Review this article:
    Troubleshoot "TCP SYN checking failed" log message and asymmetrical routing
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000XeLhSAK&lang=en_US

    You can disable TCP SYN packet checking, which may or may not help:
    See this section, in the below doc page:
    Configure TCP Settings

    Define Firebox Global Settings
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/global_setting_define_c.html

  • Hi Bruce,

    So we've disabled TCP SYN and increased TCP timeout and nothing has changed.

    Still the same error message.

  • Note that I did say disabling it may not help.

    More details about your setup:
    . single WAN connection??
    . what is trying to connect to this site? A PC?
    . how is this device connected to your firewall? Via a switch or ???
    If not directly connected to a firewall interface, have you tried a direct connection?

  • Also, if you have a support contract for your firewall, you can open a support case to get WG help on understanding & resolving this.

    Use the Support Center link above to do so.

  • Hi Bruce,

Yeah, I appreciate it might not have worked. It's just me and my colleague now, and we know nothing about the WatchGuard firewalls.

1. It's a single WAN connection into the T15.
2. A number of users are trying to access the site via multiple PCs.
3. PCs on the network are connected via a switch.

We disconnected the firewall, went directly to the switch, and could access the site. As soon as we put the firewall back, it blocks it.

Unfortunately, we don't have a support contract with WatchGuard, hence my post in this forum.

    We've been thinking about replacing the watchguard soon anyway. Maybe this will push the replacement.

  • Just a single switch with a single connection to the firewall?

    Seems like there are 2 paths to the PCs from the firewall.

  • Note that if the issue is being caused by something outside the firewall, a direct connection excluding the firewall will not show this error, and may work just fine.

    For the record, what Fireware version is on your T15?
