Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

explicit proxy errors and issues after upgrade to r80.20.

hello. 

ever since we upgrade d to r80.20 we are having issues with multiple sites and we suspect it's explicit proxy config related.

they load sometimes but remain blank other times. 

we first thought it was https inspection related. but even bypassed traffic is affected. 

then we noticed following error log in /var/log/messages. hitting constantly:

[ERROR]: up_conn_notify_parser_event: short circuit was required, but redirect on CONNCT was ignored, drop
ping

 

we suspect this is related. 

 

we logged a case with checkpoint. the upgrade was done 20th of march. so before take 47 became ga. 
the checkpoint engineer therefore instructed us to install the latest take( fair enough even though I was sure this would not resolve the issue)

take is installed. the issue remains --> currently the checkpoint engineer is declaring they are looking into it. but take 47 is fairly new so there's no documentation of this( read: the engineer entered the error text on the Site and no KB's turned up. which I could have told him myself beforehand as well.... wtf)

Anyway we'll be taking additional kernel debugs, soon. however I was wondeirng: 

anybody know/had this issue before? 
or have you guys had any other problems with proxy and specifically r80.20 (take 33 and 47)

--> before this the customer was running r80.10 latest take and he did not have the issues. which is why I suspect it's r80.20 related. 

 

0 Kudos
5 Replies
Highlighted
Admin
Admin

To be fair, when we search SecureKnowledge, we often see a few more things than you do as we have access to Internal SKs, other SRs, etc.
Not necessarily in this case, but there's a reason the TAC engineer did that 😀
The fact this problem did not occur in R80.10 but does in R80.20 is definitely suggests a bug of some sort.
0 Kudos
Highlighted
Contributor

We have same issue on CPAP-6500 with R80.20, no workaround so far.

0 Kudos
Highlighted
Participant

after a long time I managed to get the checkpoint engineer to try an reproduce the issue in a lab( which they then did)

and they found it was fixed in hotfix take 80 -> not part of GA at the time. 

 

so what hotfix are you running? 

however I found whilst the impact was mitigated and the short circuit error in messages was a lot less frequent I still see the same error from time to time.

 

0 Kudos
Highlighted
Contributor

We use in CPAP-6500 and the images was dedicate for that model, when implement there is no jumbo can be install, so we have no jumbo installed.

I just check from GaIA there seems have a release Jumbo Take 91, we will try it soon.

We look into this error message due to we have some website browsering got blank page response front enduser and few unknow reason automatic reboot issues.

0 Kudos
Highlighted
Participant

The blank pages we had as well.
also a lot of citrix connections which didn't work or didn't work some of the time.

I'd try installing the last hotfix (if you log a vendorcase it's going to have the same end result. sooner or later the engineer will suggest the latest hotfix.)

0 Kudos