https://community.checkpoint.com/t5/General-Topics/VSX-Drop-Debugs/m-p/57470#M11564 <P>Hello Everyone,</P><P>We are having CP 23k chassis and running VSX on it. We are also having 3 layer security architecture. Since last 2-3 days users are complaining about major access (intranet or internet etc.) not working and problem is growing further and further. When i performed fw ctl drop debugs on DMZ-VS i encountered below error messages:</P><P>&nbsp;</P><P>;[vs_7];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 &lt;ip&gt;:64062 -&gt; ,ip&gt;:80 dropped by fw_send_log_drop Reason: Rulebase - ERROR;<BR />;[vs_7];[tid_0];[fw4_0];[ERROR]: up_rulebase_should_drop_possible_on_SYN: conn dir 0, &lt;ip&gt;:52193 -&gt; ,&lt;ip&gt;:80, IPP 6 required_4_match = 0x100200, not expected required_4_match = 0x100000;</P><P><BR />VS-7 is our DMZ VS. I have tried to google for this error message but there is no useful information available. I have already raised TAC case with Diamond support. But wondering if someone has encountered this kind of issue and can advise what root cause and solution can be?</P><P>Any help or information is much appreciated.</P><P>Regards,</P><P>Ashish</P> Thu, 04 Jul 2019 15:17:51 GMT Ashish_Shah2 2019-07-04T15:17:51Z https://community.checkpoint.com/t5/General-Topics/VSX-Drop-Debugs/m-p/57470#M11564 <P>Hello Everyone,</P><P>We are having CP 23k chassis and running VSX on it. We are also having 3 layer security architecture. Since last 2-3 days users are complaining about major access (intranet or internet etc.) not working and problem is growing further and further. When i performed fw ctl drop debugs on DMZ-VS i encountered below error messages:</P><P>&nbsp;</P><P>;[vs_7];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 &lt;ip&gt;:64062 -&gt; ,ip&gt;:80 dropped by fw_send_log_drop Reason: Rulebase - ERROR;<BR />;[vs_7];[tid_0];[fw4_0];[ERROR]: up_rulebase_should_drop_possible_on_SYN: conn dir 0, &lt;ip&gt;:52193 -&gt; ,&lt;ip&gt;:80, IPP 6 required_4_match = 0x100200, not expected required_4_match = 0x100000;</P><P><BR />VS-7 is our DMZ VS. I have tried to google for this error message but there is no useful information available. I have already raised TAC case with Diamond support. But wondering if someone has encountered this kind of issue and can advise what root cause and solution can be?</P><P>Any help or information is much appreciated.</P><P>Regards,</P><P>Ashish</P> Thu, 04 Jul 2019 15:17:51 GMT https://community.checkpoint.com/t5/General-Topics/VSX-Drop-Debugs/m-p/57470#M11564 Ashish_Shah2 2019-07-04T15:17:51Z https://community.checkpoint.com/t5/General-Topics/VSX-Drop-Debugs/m-p/57502#M11569 <P>Hi Ashish,<BR /><BR />I suspect you may have some legacy 'domain' (DNS based) objects that could do with some optimization...<BR /><BR />Some options that come to mind:<BR />- Switch to FQDN objects<BR />- Remove the legacy 'Domain' objects<BR />- Revist the rule order<BR /><BR />Please continue investigations with TAC and advise regarding the final resolution accordingly - thanks.<BR /><BR />Hope this helps.<BR /><BR />Regards,<BR />Chris</P> Fri, 05 Jul 2019 04:11:48 GMT https://community.checkpoint.com/t5/General-Topics/VSX-Drop-Debugs/m-p/57502#M11569 Chris_Atkinson 2019-07-05T04:11:48Z