4

I have a TZ 190 Wireless Enhanced with SonicOS Enhanced 4.2.1.0-20e.

Yesterday, people could access without any problems a bank website wich uses HTTPS. Today, it is imposible to access only that website, every other ones works without problems.

When checking the log message filtering to my IP only, this is what appears and I suspect is the cause of this problem, because all other websites are working:

Priority: Notice
Category: Network Access
Message: TCP handshake violation detected; TCP connection dropped   
Source: X.Y.Z.3, 51997, LAN (admin) 
Destination: 200.14.232.18, 443, WAN    
Notes: Handshake Timeout

Where X.Y.Z.3 is my local IP.

I've tried to change TCP Settings under Firewall option, and activated this options with no success:

Enforce strict TCP compliance with RFC 793 and RFC 1122

and

Enable TCP checksum enforcement

I've also tried to find the MTU and at first I got:

Packet needs to be fragmented but DF set

But when I lower the value of ping -f -l to 1468 I got:

Request timeout.

Also I deactivate CFS in lan and wan zones. Nothing works.

Can you please help me? Any Ideas?

Miguel
  • 175
  • 1
  • 3
  • 6

1 Answers1

1

Disable the Handshake Timeout.

Go on Firewall Setings -> Flood Protection:

Uncheck the option "Enable TCP handshake timeout"

Ramon Lucas
  • 11
  • 1
  • 1
    Could you explain a bit why this solves the problem? – psarossy Jan 30 '13 at 13:13
  • I have the same problem. I do not know why gives this error "TCP handshake timeout" . But this is the only solution I found. – Ramon Lucas Jan 30 '13 at 16:47
  • 2
    That means that the device thinks the [TCP handshake](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) times out, so either its timeout setting is far too low, or the banking website is ridiculously slow. – Dennis Kaarsemaker Jul 13 '13 at 09:13
  • @DennisKaarsemaker the fact that this happened all of a sudden suggests the site started running slow, possibly victim of a DDOS? – MDMoore313 Feb 11 '14 at 16:42