I'm about to run a WAAS implementation project, but I have been given the prerequisites below by one of my colleagues, which he says should be applied on the firewalls. Can you please let me know whether this is true?
1) Disable checking of the TCP sequence number fields.
2) Allow TCP option modifications.
Doing this may leave the Customer LAN environment vulnerable to DoS attacks. In addition, Cisco has encountered many challenges getting WAAS to work even when both of these items have been changed on the FWs.
The ports/protocols you need to open are the same as they would be without WAAS. It's the security/normalization checks that you'll have to turn off. The problems I would anticipate are:
- Unknown TCP Options - We use TCP option 33 (0x21) for auto-discovery between WAAS devices. The firewall should be configured to allow this option to pass through unmodified.
- TCP Sequence Numbers - TCP sequence number checking for optimized connections will need to be disabled.
- Deep Packet Inspection - DPI for packets where we have performed compression will likely fail.
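A practical way to confirm the first point (that the firewall passes TCP option 33 unmodified) is to capture the same SYN on the inside and outside of the firewall and compare the option lists. The script below is an added example, not from this thread or from Cisco; the option parser is generic, and the sample SYN segments (ports, sequence number, and the 6-byte option 33 payload) are constructed here purely for the demonstration.

```python
import struct

WAAS_AUTODISCOVERY_OPTION = 33  # 0x21, the TCP option kind WAAS uses for auto-discovery

def parse_tcp_options(segment: bytes) -> list[tuple[int, bytes]]:
    """Parse the options of a raw TCP segment (TCP header starts at byte 0).
    Returns (kind, value) tuples; NOP carries an empty value, EOL ends parsing."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:            # EOL: no more options
            break
        if kind == 1:            # NOP: single-byte option
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("option length byte missing")
        length = segment[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        opts.append((kind, segment[i + 2:i + length]))
        i += length
    return opts

def waas_option_preserved(inside: bytes, outside: bytes) -> bool:
    """True only if option 33 is present on both captures with identical bytes."""
    a = [v for k, v in parse_tcp_options(inside) if k == WAAS_AUTODISCOVERY_OPTION]
    b = [v for k, v in parse_tcp_options(outside) if k == WAAS_AUTODISCOVERY_OPTION]
    return bool(a) and a == b

def build_syn(options: bytes) -> bytes:
    """Constructed SYN header for the demo (src 40000, dst 80), options padded to 4 bytes."""
    options += b"\x00" * ((-len(options)) % 4)
    data_offset = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, data_offset << 4, 0x02, 65535, 0, 0)
    return hdr + options

# Constructed samples: an MSS option plus option 33 with a made-up 6-byte payload.
MSS_OPT = bytes([2, 4, 0x05, 0xB4])
WAAS_OPT = bytes([33, 8]) + b"\x01\x02\x03\x04\x05\x06"
SYN_INSIDE = build_syn(MSS_OPT + WAAS_OPT)
SYN_STRIPPED = build_syn(MSS_OPT + b"\x01" * 8)   # normalizer replaced option 33 with NOPs

if __name__ == "__main__":
    print("unmodified:", waas_option_preserved(SYN_INSIDE, SYN_INSIDE))   # True
    print("stripped:  ", waas_option_preserved(SYN_INSIDE, SYN_STRIPPED)) # False
```

On a real deployment, feed the function the TCP header bytes of the same SYN taken from captures on each side of the firewall; a False result means the normalizer is still clearing or rewriting the option.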