Why does the Selective-ACK-Permitted option is enabled by default?

Unanswered Question
Jan 28th, 2010
User Badges:


On FWSM running 3.2 OS, the sysopt connectione tcp sack-permitted is enabled by default.  Because of the tcp randomization that is enabled too by default the tcp selective acknowledge feature is not usefull.  I'm planning too disable the tcp-sack using the no sysopt command.  Usually, OS default configuration are consistant.  Am I missing something here?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kureli Sankar Thu, 01/28/2010 - 06:32
User Badges:
  • Cisco Employee,

Yes it is enabled by default.


Command Default

This command is enabled by default, and the Selective-ACK-Permitted option remains intact.

This is a security feature so, it is enabled by default.  You can turn it off by adding the keyword "norandomseq" in the tail end of the static command as well.



This Discussion

Related Content