An engineer receives reports from users that applications are not working and that websites are only partially loading in an asymmetric environment. After investigating, the engineer observes the flow_tcp_non_syn_drop counter increasing in the show counters global output.
Which troubleshooting command should the engineer use to work around this issue?
The command set deviceconfig setting session tcp-reject-non-syn no is used to configure the device so that it does not reject TCP packets that do not start with a SYN flag. In this scenario, the engineer observes the flow_tcp_non_syn_drop counter increasing, which indicates that non-SYN TCP packets are being dropped. By using the set deviceconfig setting session tcp-reject-non-syn no command, the engineer can prevent these non-SYN TCP packets from being dropped, allowing applications and websites to function properly in an asymmetric environment.
Run the following commands to disable the option permanently: > configure # set deviceconfig setting session tcp-reject-non-syn no # commit ------ B, would be correct if it would be set to NO. Run the following commands to disable TCP reject non-SYN temporarily (until reboot) > set session tcp-reject-non-syn no source:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEwCAK
Answer is D. Refer to samqq's link.
D is correct
D is correct.
It's D. B is almost correct... but it would be "no" not "yes". In troubleshooting, I would use this option because it's temporary... D would be permanent. However, the only correct option is D. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEwCAK
Answer is d. a makes no sense at all
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEwCAK
B. set session tcp-reject-non-syn yes
If B was set session tcp-reject-non-syn no this would be correct. Since it's "yes" it's not correct. D is the only correct answer.