Common Scenario

What happens in most cases is this:

  • Client sends a TCP SYN packet, which arrives at AZTCO-FW software and gets a state table entry
  • AZTCO-FW software sends back an ICMP redirect letting the client know to reach the target server via the alternate gateway
  • Server sends back a TCP SYN+ACK packet by some other path that AZTCO-FW software doesn’t see
  • Client sends its ACK and further responses back by its other gateway, which are not seen by AZTCO-FW software
  • After 30 seconds, AZTCO-FW software removes its state table entry, as the connection was never completed as observed by AZTCO-FW software
  • Some time later, the client’s ICMP redirect learned route expires and the client sends another packet back to AZTCO-FW software

Since this packet is not starting a new connection, the packet is dropped, and the client gets disconnected because it now has no way to reach the destination.
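The sequence above, as an added illustration that is not part of the original documentation: a minimal model of a stateful firewall's state table with the 30-second timeout for half-open connections, run once over the asymmetric path (handshake replies never seen) and once over a symmetric path for contrast. Host names, timestamps and the single timeout value are constructed for the example.

```python
from dataclasses import dataclass, field

INCOMPLETE_TIMEOUT = 30  # seconds a half-open (SYN seen, no SYN+ACK seen) state is kept
CLIENT, SERVER = "client", "server"  # constructed endpoint labels


@dataclass
class State:
    status: str       # "SYN_SENT" or "ESTABLISHED"
    last_seen: float  # time of the last packet observed for this connection


@dataclass
class StatefulFirewall:
    table: dict = field(default_factory=dict)

    def _expire(self, now):
        """Drop half-open entries whose timeout has elapsed (the 30-second step in the text)."""
        for key, st in list(self.table.items()):
            if st.status == "SYN_SENT" and now - st.last_seen > INCOMPLETE_TIMEOUT:
                del self.table[key]

    def packet(self, now, src, dst, flags):
        """Return 'pass' or 'drop' for one packet the firewall actually sees."""
        self._expire(now)
        key = tuple(sorted((src, dst)))  # connection identifier, simplified from the full 5-tuple
        st = self.table.get(key)
        if st is None:
            if flags == "SYN":
                self.table[key] = State("SYN_SENT", now)  # new connection: create state
                return "pass"
            return "drop"  # no state and not a connection start
        if flags == "SYN+ACK" and st.status == "SYN_SENT":
            st.status = "ESTABLISHED"  # reply seen: handshake completes from the firewall's view
        st.last_seen = now
        return "pass"


def asymmetric_scenario():
    """Firewall sees only the client's SYN; replies take the other path, state expires, later packet is dropped."""
    fw = StatefulFirewall()
    first = fw.packet(0, CLIENT, SERVER, "SYN")
    # ICMP redirect sent; SYN+ACK and ACK travel via the other gateway and are never observed here.
    # Much later the client's redirect route has expired and its next segment arrives at the firewall.
    later = fw.packet(600, CLIENT, SERVER, "ACK")
    return [first, later]  # ['pass', 'drop']


def symmetric_scenario():
    """Same handshake when every packet traverses the firewall: the state matures and later traffic passes."""
    fw = StatefulFirewall()
    return [fw.packet(0, CLIENT, SERVER, "SYN"),
            fw.packet(0.1, SERVER, CLIENT, "SYN+ACK"),
            fw.packet(0.2, CLIENT, SERVER, "ACK"),
            fw.packet(600, CLIENT, SERVER, "ACK")]  # all 'pass'
```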