Can anyone please specify the TCP flags used by the DFW firewall?
Also, please let me know how to analyze syslogs of DFW firewalls.
I tried to find details but didn't find any.
I am having an issue in which I am getting a TERM action log and the FIN flag is displayed in the logs. I tried to find blogs and documents explaining the action and how to analyze the logs, but no luck.
I also see SEM listed in the initial traffic logs along with the PASS action for the flow; later, the action I can see is TERM with the FIN flag.
I'm unsure what tool you are using for syslog. Ideally, for such deep-level inspection you need an IPFIX/NetFlow collector, and it will easily fetch it.
I recommend using vRNI for network visibility and flows.
And vRLI to check the logs of DFW rules, especially with the "Interactive Analysis".
Check the following: Using vRealize Log Insight to manage and review NSX Distributed Firewall rules