https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194875#M36271 <P>First packet isnt syn has been an error thats been around since probably the beginning of stateful firewalls. All that says, in layman's terms, is that connection is not completing to the point of 3-way handshake (syn -&gt; syn-ack-&gt;ack)</P> <P>You should do regular fw monitor and fw monitor -F flag to see what happens.</P> <P>Andy</P> Wed, 11 Oct 2023 18:49:41 GMT the_rock 2023-10-11T18:49:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194872#M36268 <P>Hello,<BR /><BR />We have a current IP-A-IP communication, which travels over a dedicated link (MPLS).<BR />Since a few weeks, we have this communication very slow and unstable.</P> <P>What the source wants to consume is a service on port 80, but what I see in the logs, is that there is a traffic that at times is allowed, and at times not.</P> <P>When it is allowed, the traffic matches with its firewall rule and its NO-NAT rule (since they don't want to kick the origin), but then the traffic starts to match with a rule that is not visible in the SmartConsole, and simply "throws away" the connections (the only known message is that a DROP is done).</P> <P>Is there any way to detect the reason for this behavior?</P> <P>I publish a reference image.<BR /><BR />ClusterXL HA -&gt; Version R81.10 -&gt; Take 81<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IN1.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22763iBBFE1E0B7F3807D4/image-size/large?v=v2&amp;px=999" role="button" title="IN1.png" alt="IN1.png" /></span></P> <P>Cheers <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 11 Oct 2023 18:21:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194872#M36268 Matlu 2023-10-11T18:21:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194873#M36269 <P>Thats always tough bro, specially when its intermittent. MTU came to mind when I read the problem, but not so sure that might be the case here. Can you expand the drop log and send it as a screenshot, so we can see all the details? Does zdebug show anything when it fails?</P> <P>Andy</P> Wed, 11 Oct 2023 18:30:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194873#M36269 the_rock 2023-10-11T18:30:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194874#M36270 <P>Hey,</P> <P>I'm sharing a notepad, with a log (Accept) and a log in (Drop), so it can be more understandable.</P> <P>I'm not sure if these logs in DROPS should be ignored or not, or relate directly to the problem, since the problem is that the source has a "SLOW" problem when it wants to consume a resource from the destination.</P> Wed, 11 Oct 2023 18:36:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194874#M36270 Matlu 2023-10-11T18:36:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194875#M36271 <P>First packet isnt syn has been an error thats been around since probably the beginning of stateful firewalls. All that says, in layman's terms, is that connection is not completing to the point of 3-way handshake (syn -&gt; syn-ack-&gt;ack)</P> <P>You should do regular fw monitor and fw monitor -F flag to see what happens.</P> <P>Andy</P> Wed, 11 Oct 2023 18:49:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194875#M36271 the_rock 2023-10-11T18:49:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194876#M36272 <P>Do you have the syntax of the command that I could apply in my scenario, in order to check the flow of this communication, please?</P> Wed, 11 Oct 2023 19:25:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194876#M36272 Matlu 2023-10-11T19:25:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194880#M36274 <P>If you give src and dst, I can provide it.</P> <P>Andy</P> Wed, 11 Oct 2023 19:45:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194880#M36274 the_rock 2023-10-11T19:45:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194882#M36275 <P>The origin and destination, are those shown in the initial image of this publication <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 11 Oct 2023 20:20:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194882#M36275 Matlu 2023-10-11T20:20:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194883#M36276 <P>I attached simple file I sent to customer once for things to check based on different issues, example is there.</P> <P>Andy</P> Wed, 11 Oct 2023 20:29:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/P2P-Communication-Intermittence/m-p/194883#M36276 the_rock 2023-10-11T20:29:38Z