Description
This article describes how TCP sessions without SYN can be configured when creating or editing a policy from the GUI.
Scope
FortiGate.
Solution
From the CLI:
config system settings
    set tcp-session-without-syn enable
end

TCP sessions without SYN can now be configured when creating or editing a policy from the GUI.
Note:
The 'tcp-session-without-syn' command allows the creation of a TCP session on the firewall without checking the SYN flag on the first packet.
Normally, a TCP session starts with a three-way handshake, beginning with a SYN (synchronize) packet. This ensures both sides are aware of the connection and establishes the initial sequence numbers for data transmission. Enabling 'tcp-session-without-syn' is risky because the firewall no longer requires that SYN packet before it creates a session. This makes it easier for attackers to hijack sessions, perform replay attacks, confuse connection states, and bypass security measures, thereby compromising network security.
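Because of this risk, it helps to know exactly where the option is in effect. The following added example (not Fortinet code) scans a configuration backup and reports whether the system setting is enabled and which policies have the option turned on. Assumptions: a single-VDOM backup, a per-policy key with the same name as the system setting, and any per-policy value other than 'disable' counting as enabled; the sample configuration is constructed.

```python
SETTING = "tcp-session-without-syn"
# Constructed sample of a FortiGate configuration backup (not from a real device).
# Assumption: the per-policy key has the same name as the system setting.
SAMPLE_CONFIG = """\
config system settings
    set tcp-session-without-syn enable
end
config firewall policy
    edit 1
        set name "lan-to-wan"
    next
    edit 2
        set name "asym-route-dc"
        set tcp-session-without-syn all
    next
    edit 3
        set name "legacy-app"
        set tcp-session-without-syn disable
    next
end
"""

def audit(config_text):
    """Return (system_enabled, [(policy_id, name, value), ...]) for SETTING."""
    stack, policy = [], None          # open "config" blocks, policy being read
    system_enabled, findings = False, []
    for line in (raw.strip() for raw in config_text.splitlines()):
        top = stack[-1] if stack else None
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and top == "firewall policy":
            policy = {"id": line[5:].strip('"'), "name": "", "value": None}
        elif line == "next" and top == "firewall policy" and policy:
            # Report only policies where the option is explicitly turned on.
            if policy["value"] not in (None, "disable"):
                findings.append((policy["id"], policy["name"], policy["value"]))
            policy = None
        elif line.startswith("set "):
            _, key, *rest = line.split(None, 2)
            value = rest[0].strip('"') if rest else ""
            if top == "system settings" and key == SETTING:
                system_enabled = value == "enable"
            elif top == "firewall policy" and policy and key in ("name", SETTING):
                policy["name" if key == "name" else "value"] = value
    return system_enabled, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Each policy the script reports is one to review and, where possible, narrow in scope or set back to 'disable'.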