sinanju
Explorer

R80.30 Out of state packet logging - strange behavior.

Hi all!

I need an explanation, an SK, or something else that could shed light on R80.30 out-of-state logging. I haven't found one.

We have R80.30, and there are a certain number of entries in the logs that are related to the processing of out-of-state packets by the sequence verifier (action: detect). The checkboxes for banning out-of-state traffic are not marked in the global properties, and traffic goes out of the LAN. That's OK.

But when I look through such records, I do not find the rule number that processed this traffic, only that the sequence verifier detected this traffic.

I need to understand: is this normal behavior (and why), or do I need to send a ticket to CheckPoint?

Thank you in advance.

3 Replies
PhoneBoy
Admin

Sequence verifier isn't necessarily "out of state" in the traditional sense.
It just means the sequence numbers for a specific known TCP connection are "out of range."
Why it's not logging a rule number, I'm not sure; it might be worth a TAC case to clarify.

sinanju
Explorer

Yes, this is obvious and doesn't matter in this situation.

I wonder if it is possible that only the last of the events from the mechanisms of a single blade is written to the log?

I mean that the packet was first processed by the accept rule and then checked for compliance with IP options, and a single log entry was made that corresponds to the last packet-processing mechanism.

PhoneBoy
Admin

Like I said, I recommend a TAC case here.
