This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2025-07-07 11:50 PM
Jump to solution

High RX Drops Observed

I’ve noticed a high number of RX drops on one of the interfaces.
Is it possible to reset these counters?
If so, how can I do that?

0 Kudos
2 Solutions

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2025-07-09 06:28 AM
Jump to solution

Diagnosing RX-DRP issues became significantly more complicated in Gaia 3.10 when the counter's meaning changed.  Here are the relevant pages from my Gateway Performance Optimization Course detailing how to assess whether or not you should do something about them:

rxdrp1.png 

 

rxdrp2.png 

 

rxdrp3.png

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

RemoteUser
Advisor
‎2025-07-09 07:15 AM
In response to Lesley
Jump to solution

the issue it solved by replacing the cable, now there is not any latency 

View solution in original post

0 Kudos
12 Replies
Chris_Atkinson
Employee Employee
Employee
‎2025-07-08 02:31 AM
Jump to solution

I don't recall seeing any newer guidance on this.
For a cluster you can failover then perform:

ifdown ethX; ifup ethX

 

CCSM R77/R80/ELITE
RemoteUser
Advisor
‎2025-07-09 12:04 AM
In response to Chris_Atkinson
Jump to solution

Thank you, if i do set interface off and on, it's the same right?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2025-07-08 11:30 AM
Jump to solution

The technique Chris posted is the only way I know how. Note that it does technically cause an outage on the interface; however, if you execute the command as a single command with a semicolon, the outage is extremely brief.  Not all RX-DRPs are loss of frames the firewall should have processed, some of them were probably "junk" frames the firewall can't process anyway.  See sk166424: Number of RX packet drops on interfaces increases on a Security Gateway R80.30 and higher ...

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Lesley
Authority Authority
Authority
‎2025-07-08 12:34 PM
Jump to solution

Does HCP health check report also complain about the rx drops? are there any performance issues on the system?

What is the current value? ethtool -g eth1

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
RemoteUser
Advisor
‎2025-07-09 12:06 AM
In response to Lesley
Jump to solution

yes, hcp report complain about rx drop, yes on the system the latency it's very solw

0 Kudos
_Val_
Admin
Admin
‎2025-07-09 12:42 AM
In response to RemoteUser
Jump to solution

You most probably have a receiving side issue on that interface that needs to be investigated and fixed. Resetting counters will not fix it, it can only mask the issue for a period of time.

0 Kudos
Lesley
Authority Authority
Authority
‎2025-07-09 05:51 AM
In response to RemoteUser
Jump to solution

Ok, share some details please. Check with cpview the errors and drops, make screenshot, check next day again. If they increase a lot share current buffer value. 

clish

set interface Lan3 rx-ringsize 1024

save config

exit

ethtool -g Lan3

 

# ethtool -g Lan1

Ring parameters for Lan1:

Pre-set maximums:

RX:             4096

RX Mini:        0

RX Jumbo:       0

TX:             4096

Current hardware settings:

RX:             256

RX Mini:        0

RX Jumbo:       0

TX:             1024

 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
RemoteUser
Advisor
‎2025-07-09 07:15 AM
In response to Lesley
Jump to solution

the issue it solved by replacing the cable, now there is not any latency 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2025-07-09 07:21 AM
In response to RemoteUser
Jump to solution

Are you sure replacing the cable solved your RX-DRPs, not RX-ERR?  A cable should not cause buffering misses (RX-DRP) unless the cable was the wrong type and linked up at a much slower speed than it should, which would actually be more likely to cause RX-OVR.  Having a hard time accepting that replacing a cable fixed just RX-DRPs.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
RemoteUser
Advisor
‎2025-07-09 07:29 AM
In response to Timothy_Hall
Jump to solution

When the customer reported an issue with network connectivity, I checked the netstat -ni output and noticed the following:

RX-DRP: 34,137,237

RX-OK: 411,649,242

RX-ERR: Around 150, which I assume isn't significant.

and the ratio it's very high please see here:
https://community.checkpoint.com/t5/General-Topics/Ifconfig-dropped-explanation/td-p/24447

after we change the cable now seems everything works fine

Johannes_Hoen
Explorer
‎2025-07-09 03:38 AM
Jump to solution

Hi

 

Can you check the interrupts on the interfaces ? I think the box is just overloaded....

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2025-07-09 06:28 AM
Jump to solution

Diagnosing RX-DRP issues became significantly more complicated in Gaia 3.10 when the counter's meaning changed.  Here are the relevant pages from my Gateway Performance Optimization Course detailing how to assess whether or not you should do something about them:

rxdrp1.png 

 

rxdrp2.png 

 

rxdrp3.png

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events