https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169201#M35382 <P>This is one of the sanity checks we perform by default on connections.<BR />It can be triggered under load as described here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114529" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114529</A>&nbsp;<BR />You can disable this check or create a specific exception here:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19314iC308009991B9CD2B/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>Note these Inspection Settings are done in the firewall (not IPS) and require pushing the Access Policy to take effect.</P> Thu, 26 Jan 2023 02:03:22 GMT PhoneBoy 2023-01-26T02:03:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169129#M35381 <P>Hello</P><P>Hoping someone can help! I am relatively new to checkpoints, we are seeing a lot of packets dropped with this description</P><P>&nbsp;</P><P>"https Traffic Dropped from XX.XXX.XXX.XXX to XX.XXX.XXX.XXX due to TCP segment out of maximum allowed sequence. Packet dropped."</P><P>&nbsp;</P><P>This happens when users try to access an internal confluence site. Its very slow to load, I see a lot of the errors listed above, then eventually it will work and go through. So there isn't a rule blocking it as such. Its intermittent but repeatable.&nbsp;</P><P>I did google for this and found an article suggesting that it could be high memory usage, I got up a CLI and run the TOP command whilst the issue was occuring however %mem was never high, cpu spiked here and there, usually with cphwd_w_init_ke at the top, but its certainly not sitting at 100pc.&nbsp;</P><P>any help much appreciated!</P><P>Thanks</P><P>&nbsp;</P> Wed, 25 Jan 2023 15:03:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169129#M35381 jamesp 2023-01-25T15:03:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169201#M35382 <P>This is one of the sanity checks we perform by default on connections.<BR />It can be triggered under load as described here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114529" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114529</A>&nbsp;<BR />You can disable this check or create a specific exception here:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19314iC308009991B9CD2B/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>Note these Inspection Settings are done in the firewall (not IPS) and require pushing the Access Policy to take effect.</P> Thu, 26 Jan 2023 02:03:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169201#M35382 PhoneBoy 2023-01-26T02:03:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169266#M35383 <P>Hello</P><P>Thanks so much for your reply, so if I set that to allow instead, it should speed up the loading of the site?</P><P>&nbsp;</P><P>Thanks</P><P>James</P><P>&nbsp;</P> Thu, 26 Jan 2023 11:24:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/169266#M35383 jamesp 2023-01-26T11:24:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/191512#M35384 <P>Hello,</P> <P>I have the same scenario.</P> <P>The memory, is exceeding the 90% usage threshold.<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PC.png" style="width: 755px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22314i057D0EDE30A3F309/image-size/large?v=v2&amp;px=999" role="button" title="PC.png" alt="PC.png" /></span></P> <P>The message is the same as reported at the beginning of this post.</P> <P>It is an "expected behavior" (normal), that this kind of alerts occur, and that the memory is "triggered" in terms of its consumption?</P> <P>I have checked sk114529, but I don't see any definitive "solutions".</P> <P>Could someone recommend me, what kind of solution can be applied for this scenario, please?</P> <P>Regards.</P> Mon, 04 Sep 2023 20:34:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/191512#M35384 Matlu 2023-09-04T20:34:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/191652#M35385 <P>Is it expected behavior? Depends on the exact traffic involved.<BR />The protection itself might not cause extra memory usage, but the client's reaction to the connection dropping might.<BR />Regardless, if this is happening with a specific, trusted source or destination on a regular basis, your best bet is to create an exception for this protection.</P> Tue, 05 Sep 2023 19:57:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TCP-segment-out-of-maximum-allowed/m-p/191652#M35385 PhoneBoy 2023-09-05T19:57:42Z