Why is the Selective-ACK-Permitted option enabled by default?

Unanswered Question
Jan 28th, 2010

Hi,

On FWSM running the 3.2 OS, sysopt connection tcp sack-permitted is enabled by default.  Because the TCP randomization is also enabled by default, the TCP selective acknowledgment feature is not useful.  I'm planning to disable the tcp-sack using the no sysopt command.  Usually, OS default configurations are consistent.  Am I missing something here?

Thanks!

Kureli Sankar Thu, 01/28/2010 - 06:32

Yes it is enabled by default.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/s8.html#wp2736408

Command Default

This command is enabled by default, and the Selective-ACK-Permitted option remains intact.

This is a security feature, so it is enabled by default.  You can turn it off by adding the keyword "norandomseq" at the tail end of the static command as well.

-KS
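
The interaction raised in the question, as an added example that is not part of the original thread or Cisco's code: SACK blocks carry sequence numbers from the data sender's space, so a device that offsets sequence numbers has to move the SACK edges on the return path by the same amount, otherwise the sender sees blocks outside its window. The offset, window values and option bytes are constructed, and whether FWSM 3.2 performs this rewrite is not stated in the thread.

```python
import struct

SACK = 5            # TCP option kind that carries SACK blocks (RFC 2018)
MASK = 0xFFFFFFFF   # sequence numbers are 32-bit and wrap

def walk_options(opts):
    """Yield (kind, body_offset, body_len) per TCP option, checking lengths."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            return
        if kind == 1:                       # NOP padding, single byte
            i += 1
            continue
        size = opts[i + 1] if i + 1 < len(opts) else 0
        if size < 2 or i + size > len(opts) or (kind == SACK and (size - 2) % 8):
            raise ValueError("malformed TCP option at offset %d" % i)
        yield kind, i + 2, size - 2
        i += size

def sack_blocks(opts):
    """Return the (left, right) edge pair of every SACK block."""
    return [struct.unpack_from("!II", opts, off + j)
            for kind, off, n in walk_options(opts) if kind == SACK
            for j in range(0, n, 8)]

def shift_sack(opts, delta):
    """Copy of opts with every SACK edge moved by delta, modulo 2**32."""
    out = bytearray(opts)
    for kind, off, n in walk_options(opts):
        if kind == SACK:
            for j in range(off, off + n, 4):
                (edge,) = struct.unpack_from("!I", out, j)
                struct.pack_into("!I", out, j, (edge + delta) & MASK)
    return bytes(out)

def in_window(blocks, snd_una, snd_nxt):
    """True if every block lies inside the sender's unacknowledged data."""
    span = (snd_nxt - snd_una) & MASK
    return all(((l - snd_una) & MASK) < ((r - snd_una) & MASK) <= span
               for l, r in blocks)

# Constructed sample: the device adds DELTA to the sender's sequence numbers,
# so the receiver's SACK block arrives expressed in the shifted space.
DELTA = 0x9E3779B1
SND_UNA, SND_NXT = 1000, 6000
RETURN_OPTS = b"\x01\x01\x05\x0a" + struct.pack(
    "!II", (3000 + DELTA) & MASK, (4000 + DELTA) & MASK)
```

Passing the untranslated blocks to `in_window` shows them falling outside the sender's outstanding data, while `shift_sack(RETURN_OPTS, -DELTA)` restores edges the sender can use.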
