FortiGate
bpriya
Staff
Article Id 198286

Description

 

This article describes how TCP sessions without SYN can be configured when creating or editing a policy from the GUI.

 

Scope

 

FortiGate.


Solution

 

From the CLI:

config system settings
    set tcp-session-without-syn enable
end

 
TCP sessions without SYN can now be configured when creating or editing a policy from the GUI.
 
Note: 

 

The 'tcp-session-without-syn' command allows the creation of a TCP session on the firewall without checking the SYN flag on the first packet.

Normally, a TCP session starts with a three-way handshake, beginning with a SYN (synchronize) packet. This ensures both sides are aware of the connection and establishes the initial sequence numbers for data transmission. Enabling 'tcp-session-without-syn' is risky because it bypasses the normal SYN packet handshake in TCP connections. This makes it easier for attackers to hijack sessions, perform replay attacks, confuse connection states, and bypass security measures, thereby compromising network security.
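Because of this risk, it is worth checking where the setting is actually in use. The following is an added example, not part of the original article or any Fortinet tooling: a Python check that reads a configuration backup and reports whether 'tcp-session-without-syn' is enabled in 'config system settings' and which firewall policies accept sessions without a SYN. The backup text is constructed; the per-policy 'set tcp-session-without-syn all' / 'data-only' lines and a single-VDOM layout are assumptions.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system settings
    set tcp-session-without-syn enable
end
config firewall policy
    edit 1
        set name "lan-to-wan"
    next
    edit 7
        set name "asym-routed-dc"
        set tcp-session-without-syn all
    next
    edit 9
        set name "legacy-app"
        set tcp-session-without-syn data-only
    next
end
"""

def audit_no_syn(config_text):
    """Return (global_enabled, [(policy_id, name, mode), ...]) for one VDOM."""
    stack, policies, global_enabled = [], {}, False
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:      # unbalanced quote: part of a multi-line value
            continue
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()         # "next" closes an edit, "end" closes a config
        elif tok[0] == "set" and len(tok) >= 3 and stack:
            key, value = tok[1], tok[2]
            if stack[-1] == ("config", "system settings"):
                if key == "tcp-session-without-syn":
                    global_enabled = (value == "enable")
            elif (len(stack) >= 2 and stack[-1][0] == "edit"
                  and stack[-2] == ("config", "firewall policy")):
                entry = policies.setdefault(stack[-1][1], {"name": "", "mode": "disable"})
                if key == "name":
                    entry["name"] = value
                elif key == "tcp-session-without-syn":
                    entry["mode"] = value
    flagged = [(i, p["name"], p["mode"]) for i, p in policies.items() if p["mode"] != "disable"]
    return global_enabled, flagged
```

Policies that do not carry the option are treated as 'disable' and are not reported, so the output lists only the rules that need a documented justification.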