Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Cisco ASA feature on sequence number

I have a server that has an old kernel that is vulnerable to a security weakness related to TCP sequence number generation. This is now put behind a Cisco ASA 5510 and static map to an external IP. Will the cIsco ASA intercept the traffic and re-generate randomized sequence number on behalf of the server?

Thanks

Eppie

2 REPLIES
New Member

Cisco ASA feature on sequence number

Is this under the feature of Sequence Number Randomization (SNR) of the ASA?

Cisco Employee

Cisco ASA feature on sequence number

Hi Eppie,

That is correct, the ASA as part of the security mechanisms and the Stateful firewall algorithm will randomize the sequence number.

This option can be enable by host also. By default, it is being done for all of the internal hosts.

Mike

Mike
393
Views
0
Helpful
2
Replies
CreatePlease to create content