You want to know if the ProxySG or Advanced Secure Gateway (ASG) appliances are vulnerable to CVE-2004-0230, "TCP Sequence Number Approximation Based Denial of Service".

The ProxySG appliance is hardened against this sort of attack. The appliance compares the incoming sequence number to the last ACK we sent and the next sequence number we expect to receive.  If it is not equal to or is within 1 in either direction, we drop the packet.  Thus, if the attacker is not snooping on the network, they would need to do the following:

1. Guess the connection 4-tuple
2. Guess an acceptable sequence number -- a 3 in 4 billion chance