Purpose

This document is going to describe some points regarding network communication you can see within Core and Cloud Service Appliance.

Ivanti Management Gateway has been built to ensure the highest security level. We are still working on improvements and additional features to fulfill customer requirements.

If you have a look on network traffic captured on Core server connected to CSA you can encounter unusual situation. Management Gateway at the end of communication sends TCP packet with RST flag which might be consider as for example TCP reset attack. However, this is totally normal for CSA and its traffic with Core server.

You can also encounter a situation when the stream contains only one packet with RST, ACK flags and the sequence number is 1. Such a behavior should be also treated as expected.

This is done to reset the broker tunnel and create a new session key for the connection to the CSA. Even though the CSA sent this in through the tunnel, a connection cannot be established from the CSA.