We are finding that connections made to a VIP on our CSS are being dropped from specific hosts as DOS SYN Attacks.
FLOWMGR-7: <013><010>DoS SYN attack: 192.168.2.11:4549->10.1.248.100:15000<013>
<010>synCnt: 3, initSeq: 1302645697
These hosts are accessing the VIP through a PIX firewall and the 2 checkpoint firewalls.
I can see that the connection is allowed through all the firewalls and eventually dropped on the CSS.
The connection is made on port 443 to the VIP initially and thereafter the client is directed to port 15000 on the webserver. This connection on 15000 is made through the CSS. It works for clients inside the PIX and those outside the PIX. But the affected users connect into the PIX firewall on a site-to-site VPN, and for them the connections are being dropped.
Please update me with your comments on this at the earliest.