Hello,
Have a weird one here. We have an ISG2000 HA pair that we have tools behind it that manage devices all over the country. We have enabled tcp-syn-check on it. Since then. We have a found devices that we are unable to connect to. It looks like the firewall is dropping the packet due to the tcp-syn-check.
The weird part is that when a capture is done the syn is sent and the syn-ack is returned but seems like its being treated like a diff. session and dropping the packet.
I have created a no-hardware policy so it runs in CPU and this seems to work. But I was just wondering if anyone has seen this before? I opened a ticket with jtac and they could not understand why that was happening.
Thanks