https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/192018#M35451 <P>When migrating from R80.10 to 80.40, there are changes in the implied_rule.def and communicated.def files.</P><P>However, I am not sure if this was changed intentionally by someone or if the logic changed as the version changed.</P><P>&nbsp;</P> Fri, 08 Sep 2023 09:20:40 GMT ChoiYunSoo 2023-09-08T09:20:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189857#M34990 <P>Hi</P><P>&nbsp;</P><P>Has anyone ever experienced SMTP sessions dropping?</P><P>&nbsp;</P><P>After upgrading the customer's management server OS (R80.10 to R80.40) recently, we are experiencing SMTP packets being dropped.</P><P>What is unusual is that there were no policy or other option modifications, and the gateway remains at the original R80.10 version.</P><P>&nbsp;</P><P>As a detailed symptom, the customer's firewall consists of only two interfaces.<BR />And when I run tcpdump on the firewall, I see Syn packets on the inside interface, but I don't see packets going out on the outside interface.</P><P>I'm expecting the firewall to randomly drop packets.</P><P>&nbsp;</P><P>Another peculiarity was that the service was normalized when the policy was installed without any modification on the management server.</P><P>So I'm thinking it's more likely a firewall and mail server or L4 managed session issue rather than policy or firewall logic.</P><P>&nbsp;</P><P>Are there any settings that can affect firewall sessions in the R80.10 and R80.40 management servers? For example, such as the Inspection Setting part or Virtual Session timeout</P><P>&nbsp;</P><P>PS</P><P>I want to execute the 'fw ctl zdebug + drop' command, but I am afraid that secondary problems will occur due to performance load, so I am not able to proceed.</P><P>Firewalls usually flow about 6 to 10 Gbps of traffic.</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks regards</P><P>&nbsp;</P> Fri, 18 Aug 2023 08:53:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189857#M34990 ChoiYunSoo 2023-08-18T08:53:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189876#M34995 <P>You can safely run zdebug command, it definitely would not cause any load on the firewall. By the way, I also suspect something either with inspection settings or possibly IPS.</P> <P>&nbsp;</P> Fri, 18 Aug 2023 12:43:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189876#M34995 the_rock 2023-08-18T12:43:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189888#M35000 <P>Keep in mind R80.10 is End of Support and R80.40 is about to be End of Support.<BR />R81.20 is the current recommended release.</P> Fri, 18 Aug 2023 13:45:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/189888#M35000 PhoneBoy 2023-08-18T13:45:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/192018#M35451 <P>When migrating from R80.10 to 80.40, there are changes in the implied_rule.def and communicated.def files.</P><P>However, I am not sure if this was changed intentionally by someone or if the logic changed as the version changed.</P><P>&nbsp;</P> Fri, 08 Sep 2023 09:20:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Packet-Drop/m-p/192018#M35451 ChoiYunSoo 2023-09-08T09:20:40Z