cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

fwconn_key_init_links (OUTBOUND) failed

Hi Chekmates,

I´m seeing the following error:

;[cpu_2];[fw4_27];fw_log_drop_ex: Packet proto=6 10.a.a.a.a:12748 -> 207.166.94.186:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;
;[cpu_24];[fw4_14];fw_log_drop_ex: Packet proto=6 b.b.b.b:25680 -> 207.166.86.186:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;
;[cpu_12];[fw4_7];fw_log_drop_ex: Packet proto=6 c.c.c.c:34519 -> 104.47.145.202:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;

a.a.a.a, b.b.b.b and c.c.c.c have one thing in particular, all McAffe web gateways, destination port is always port 443.

Any known issue on this community between McAffe web gateways and checkpoint

I am running on a R77.30 GAIA active/standby cluster.

Issues related to those messages are slownes or access issues on web sites.

Thanks!!!

0 Kudos
4 Replies
Highlighted
Admin
Admin

Re: fwconn_key_init_links (OUTBOUND) failed

Can you describe the traffic flow between these servers, the gateway, and the Internet?

This may be the result of the Security Gateway seeing the same packet twice, which is not supported.

Re: fwconn_key_init_links (OUTBOUND) failed

Host(s)>proxy servers>Internet Firewalls>Internet. 

Our network sends http/https traffic to this proxies, then it goes to the firewalls. Something that can also be observed is traffic not being correctly NATed ourbound (hide nat).

0 Kudos
Admin
Admin

Re: fwconn_key_init_links (OUTBOUND) failed

I recommend opening a TAC case so this can be investigated.

Contact Support | Check Point Software 

0 Kudos
phlrnnr
Copper

Re: fwconn_key_init_links (OUTBOUND) failed

Did it end up being this?  Although it looks like this may be for R80.10.

Traffic not being NAT'ed correctly 

0 Kudos