Cisco Support Community

New Member

Why is the Selective-ACK-Permitted option enabled by default?

Hi,

On FWSM running 3.2 OS, the sysopt connection tcp sack-permitted is enabled by default.  Because of the TCP randomization that is also enabled by default, the TCP selective acknowledge feature is not useful.  I'm planning to disable the tcp-sack using the no sysopt command.  Usually, OS default configurations are consistent.  Am I missing something here?

Thanks!

1 REPLY
Cisco Employee

Re: Why does the Selective-ACK-Permitted option is enabled by de

Yes it is enabled by default.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/s8.html#wp2736408

Command Default

This command is enabled by default, and the Selective-ACK-Permitted option remains intact.

This is a security feature, so it is enabled by default.  You can turn it off by adding the keyword "norandomseq" at the tail end of the static command as well.

-KS
