Tim Eberhard <xmi...@gmail.com> writes:
> While I haven't read this entire thread, it's worth mentioning that
> this is a correct statement. TCP connections (by default) must be
> initiated by a standard 3-way handshake. You can disable this by
> turning off tcp-syn-checking under security -> flow.
>
> I wouldn't recommend it however, as enforcing proper TCP state is
> always a good security practice.

Enforcing proper TCP state is certainly good security practice. Dropping a TCP session with active TCP keepalives is simply buggy and wrong. That does not have anything to do with the 3-way handshake or tcp-syn-checking which should be on.

/Benny

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp