Strict TCP

Out-of-state TCP packets are SYN-ACK or data packets that arrive out of order, before the TCP SYN packet.

Note: In normal conditions, out-of-state TCP packets can occur after the UTM-1 restarts, since connections which were established prior to the reboot are unknown. This is normal and does not indicate an attack.

Note: Certain SmartDefense protections implicitly apply the Strict TCP protection to relevant connections. In such cases, "TCP Out-of-State" log messages may appear in the Security Log, even though the Strict TCP protection is disabled.

You can configure how out-of-state TCP packets should be handled.

Strict TCP

In this field…	Do this…
Action	Specify what action to take when an out-of-state TCP packet arrives, by selecting one of the following: Block. Block the packets. None. No action. This is the default.
Track	Specify whether to log null payload ping packets, by selecting one of the following: Log. Log the packets. This is the default. None. Do not log the packets.

In this field…

Do this…

Action

Specify what action to take when an out-of-state TCP packet arrives, by selecting one of the following:

Block. Block the packets.
None. No action. This is the default.

Track

Specify whether to log null payload ping packets, by selecting one of the following:

Log. Log the packets. This is the default.
None. Do not log the packets.