Educause Security Discussion mailing list archives
Cisco FWSM and Random Sequencing
From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Fri, 18 Oct 2013 09:16:13 -0400
Greetings,

We have been having an ongoing issue with the transfer of large files across firewall contexts (Cisco FWSM). We have identified the problem as the initial sequence number randomization feature of the FWSM being enabled. The feature is causing a misalignment of TCP sequence numbers that causes some software firewalls to block traffic and stall the transfers.

The sequence number randomization is a legacy security feature that is enabled by default. Most operating systems since around 2000 already do ISN randomization, so we are discussing disabling the feature on all of our FWSM firewall contexts.

Has anyone else encountered this issue with a FWSM or any other firewalls? If so, was the solution to disable the sequence number randomization?

Thanks

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University