Application Delivery (ADX)

Contributor
Posts: 39
Registered: ‎05-04-2009

Why is the ServerIron responding to connection requests to non defined service ports?

I have a virtual server that looks like this:

server virtual abc q.w.e.r
   port http
   port ssl
   port dns
   port 1070

and I am getting a SYN-ACK back when I try to telnet to port 1234 of the virtual server. It is just the SYN-ACK coming back - the connection is not really successful.

Is there any reason for a SYN-ACK coming from a port I have not defined?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Why is the ServerIron responding to connection requests to non defined service ports?

This is not normal - the ServerIron should not do that by default. Are you sure it is the ServerIron sending the SYN-ACK out to the client? L4 load balancing would send the SYN directly to the real servers, and the SYN-ACK would come from the real servers. Only Layer 7 load balancing does some kind of delayed binding, and some security features like SYN-Guard/-Proxy will do something like that.

Please try to enable the following in case you have SYN-Guard/-Proxy enabled in your setup:

server syn-cookie-check-vport

Contributor
Posts: 39
Registered: ‎05-04-2009

Re: Why is the ServerIron responding to connection requests to non defined service ports?

It was the syn-guard problem you mentioned - thanks a million. All I have done is add the command mentioned and it is working...
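The behaviour resolved in this thread, as an added example that is not part of the original posts and not Brocade's code: a simplified Python model of a SYN-cookie proxy that answers every SYN statelessly unless it first checks the destination port against the defined virtual ports. The `SynProxy` class, the `check_vport` flag, the client address, the numeric values for `http`/`ssl`/`dns` and the reading of what `server syn-cookie-check-vport` changes are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # constructed value for this model
VPORTS = {80, 443, 53, 1070}       # http, ssl, dns (assumed well-known numbers) and 1070


def cookie(src, sport, dst, dport, client_isn):
    """32-bit sequence number derived from a keyed hash of the connection."""
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


class SynProxy:
    """Hypothetical model: answers SYNs statelessly, binds only after a valid ACK."""

    def __init__(self, check_vport):
        self.check_vport = check_vport
        self.sessions = set()

    def on_syn(self, src, sport, dst, dport, client_isn):
        # With the check on, a SYN to an undefined port gets no SYN-ACK.
        if self.check_vport and dport not in VPORTS:
            return None
        seq = cookie(src, sport, dst, dport, client_isn)
        return ("SYN-ACK", seq, (client_isn + 1) % 2**32)

    def on_ack(self, src, sport, dst, dport, seq, ack):
        client_isn = (seq - 1) % 2**32
        if ack != (cookie(src, sport, dst, dport, client_isn) + 1) % 2**32:
            return "drop: bad cookie"
        if dport not in VPORTS:
            return "drop: no virtual port to bind"   # handshake done, no service
        self.sessions.add((src, sport, dst, dport))
        return "bind to real server"


def handshake(proxy, dport, src="192.0.2.10", sport=40000, dst="q.w.e.r", isn=1000):
    """Play the client side; return (reply to SYN, outcome of the final ACK)."""
    reply = proxy.on_syn(src, sport, dst, dport, isn)
    if reply is None:
        return (None, "no reply")
    flags, seq, _ack = reply
    return (flags, proxy.on_ack(src, sport, dst, dport, isn + 1, (seq + 1) % 2**32))


if __name__ == "__main__":
    for check in (False, True):
        for port in (80, 1234):
            print(f"check_vport={check} port={port}:", handshake(SynProxy(check), port))
```

Without the port check the model returns a SYN-ACK for port 1234 and then has nothing to bind to, which matches the symptom in the first post; every port on the virtual IP then looks open to a SYN scan.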
