
Why is the Selective-ACK-Permitted option enabled by default?

Hi,

On FWSM running 3.2 OS, the sysopt connection tcp sack-permitted is enabled by default.  Because of the TCP randomization that is also enabled by default, the TCP selective acknowledge feature is not useful.  I'm planning to disable the tcp-sack using the no sysopt command.  Usually, OS default configurations are consistent.  Am I missing something here?

Thanks!


Kureli Sankar
Cisco Employee

Yes it is enabled by default.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/s8.html#wp2736408

Command Default

This command is enabled by default, and the Selective-ACK-Permitted option remains intact.

This is a security feature, so it is enabled by default.  You can turn it off by adding the keyword "norandomseq" at the tail end of the static command as well.

-KS
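The interaction raised in the question, as an added example that is not part of either post or of Cisco's documentation: it parses the SACK option (kind 5) from a raw TCP options field and checks whether each block falls inside the sender's outstanding window, before and after undoing a sequence offset. It assumes a middlebox that shifts sequence numbers by a fixed per-connection offset; the offset, the window values and the sample bytes are constructed, and whether FWSM 3.2 rewrites SACK blocks is not stated on this page.

```python
import struct

MOD = 2 ** 32

def parse_sack_blocks(options: bytes):
    """Return [(left, right), ...] from a raw TCP options field."""
    blocks, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if kind == 5:                      # SACK: pairs of 32-bit edges
            body = options[i + 2:i + length]
            if len(body) % 8:
                raise ValueError("bad SACK length")
            blocks += [struct.unpack_from("!II", body, o)
                       for o in range(0, len(body), 8)]
        i += length
    return blocks

def shift_blocks(blocks, delta):
    """Apply a sequence-number offset to every block edge (mod 2^32)."""
    return [((l + delta) % MOD, (r + delta) % MOD) for l, r in blocks]

def in_window(block, snd_una, snd_nxt):
    """True if snd_una <= left < right <= snd_nxt, wraparound-safe."""
    span = (snd_nxt - snd_una) % MOD
    l_off = (block[0] - snd_una) % MOD
    r_off = (block[1] - snd_una) % MOD
    return l_off < r_off <= span

# Constructed sample: the inside sender has bytes 1000..5000 outstanding,
# the middlebox adds DELTA outbound, and the outside receiver SACKs
# 3000..4000 expressed in the shifted sequence space it observes.
DELTA = 0x9E3779B9
SND_UNA, SND_NXT = 1000, 5000
WIRE = ((3000 + DELTA) % MOD, (4000 + DELTA) % MOD)
SAMPLE_OPTIONS = bytes([1, 1, 5, 10]) + struct.pack("!II", *WIRE)

if __name__ == "__main__":
    raw = parse_sack_blocks(SAMPLE_OPTIONS)
    fixed = shift_blocks(raw, -DELTA)
    print("unrewritten usable:", in_window(raw[0], SND_UNA, SND_NXT))
    print("rewritten usable:  ", in_window(fixed[0], SND_UNA, SND_NXT))
```

Running the same check against the options bytes of SACK-bearing segments captured on both sides of a firewall shows whether the blocks are translated along with the ACK number.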
