Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

Getting frequent disconnection on R80.20

Hi,

I am on R80.20 with HFA 141 and mgmt on R80.30. Users are suddenly started experiencing disconnection is sessions. Mostly RDP or SAP connections are getting disconnected. 

I immediately have stopped fwaccel due to which the frequency of session disconnection is very less now however in about 4-5 hours their session gets disconnected.

Any clue what to debug?

TIA

Blason R

0 Kudos
7 Replies
Highlighted
Sapphire

I would suggest to get help from TAC !

0 Kudos
Highlighted
Silver

Yes I have started with it.

 

Thanks

0 Kudos
Highlighted

Any time certain connections seem to randomly die, enabling TCP state logging can be helpful to see why a connection died/ended:

sk101221: TCP state logging

You can enable it from the SmartConsole here:

tcpstate.jpg

SecureXL has slightly different timing rules for connections which may explain why the behavior changed when SecureXL was disabled.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Silver

I am not sure if this relates

I have seen IPS preventing some traffic over RDP for example from remote access to it-ressources at the office.

Could it be related to this frequent disconnection?

Best Regards
Kim
0 Kudos
Highlighted
Silver

Nah I feel this is related to multi-queue/corexl or may be secureXL. Anyways I am upgrading to R80.30 and latest HFA lets see if that disappears.

0 Kudos
Highlighted

Maybe, but I'd verify first that the connection is not somehow getting killed by good ol' stateful inspection before trying to dive any deeper.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Silver

Hi there,

I developed some progress and found that we created dyanmic_objects to fetch certain IP addresses from web server. This is happening if we enable those in rule base. And if we stop or delete those rule it does not happen.

I really don't see any logic behind this or would really appreciate if any few debug commands provided? or should I debug kernel or fwd daemon to pinpoint the issue?

0 Kudos