Manualshelf

User guide

ManualsBrandsCheck Point Software Technologies ManualsNetworkingSafe@Office 1000NW
491492493494495496497498499500
SmartDefense Categories
476 Check Point Safe@Office User Guide
TCP
This category allows you to configure various protections related to the TCP protocol. It
includes the following:
Flags on page 482
Sequence Verifier on page 481
Small PMTU on page 477
Strict TCP on page 476
SynDefender on page 479
Strict TCP
Out-of-state TCP packets are SYN-ACK or data packets that arrive out of order, before the
TCP SYN packet.
Note: In normal conditions, out-of-state TCP packets can occur after the Safe@Office
restarts, since connections which were established prior to the reboot are unknown.
This is normal and does not indicate an attack.
Note: Certain SmartDefense protections implicitly apply the Strict TCP protection to
relevant connections. In such cases, "TCP Out-of-State" log messages may appear
in the Security Log, even though the Strict TCP protection is disabled.
You can configure how out-of-state TCP packets should be handled.