- Products
- Learn
- Local User Groups
- Partners
- More
This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
- Products
- Learn
- Local User Groups
- Upcoming Events
- Americas
- EMEA
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Eastern Africa
- Israel
- Nordics
- Middle East and Africa
- Balkans
- Italy
- Bulgaria
- Cyprus
- APAC
- Partners
- More
- ABOUT CHECKMATES & FAQ
- Sign In
- Leaderboard
- Events
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
Ink Dragon: A Major Nation-State Campaign
Watch HereCheckMates Go:
CheckMates Fest
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- CheckMates
- :
- Products
- :
- Hybrid Mesh
- :
- Firewall and Security Management
- :
- Re: Bug or something other
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bug or something other
Hello, I have a version R81.20 Jumbo Hotfix Take 76 on my gateways in ClusterXL, but when I have upgraded it to a Take 84 (recommended version) I get some issues regarding internet access.
Connection terminated before the Security Gateway was able to make a decision: Insufficient data passed.
To learn more see sk113479.
It seems like issue with policy match.
I have inline layer created for internet access (rule ID: 79). Instead of connections match rule 79.15 they match rule 79.
I didn't find a cause of the problem and I have downgrade to Hotfix Take 76
How to resolve problem?
5 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This error message is considered "normal" and a function of how modern application-aware firewalls operate.
In short:
- On first packet, you only know source/destination/service from an IP header perspective.
- Additional packets are required to fully classify the traffic (e.g. we need to see HTTP headers or information not available in the first packet).
- Assuming there's at least ONE accept rule on the relevant port, traffic will be allowed until the traffic can be properly classified.
- If the underlying connection closes before classification occurs, you will see the error you mention.
Again, this is expected behavior and documented in the referenced SK: https://support.checkpoint.com/results/sk/sk113479
The fact you rolled back begs the question: were your users experiencing any actual issues as a result of these errors?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The way I always put it, that sk is literally a long way of saying 3 way handshake is not completing and firewall is not a problem. It simply does not have enough data to classify such a connection, and though you may see the actual drop in the log, thats not technically the case.
Andy
Best,
Andy
"Have a great day and if its not, change it"
Andy
"Have a great day and if its not, change it"
This widget could not be displayed.
Look at this pictures. When problem occurs, nobody can access the internet. Policy say that rule 79 is matched (rule 79 is inline layer). It must be matched rule 79.11 to allow access the internet.
I don't know, maybe is something wrong with Gaia OS, I think to reinstall Gaia OS.
Look at this pictures. When problem occurs, nobody can access the internet. Policy say that rule 79 is matched (rule 79 is inline layer). It must be matched rule 79.11 to allow access the internet.
I don't know, maybe is something wrong with Gaia OS, I think to reinstall Gaia OS.
Look at this pictures. When problem occurs, nobody can access the internet. Policy say that rule 79 is matched (rule 79 is inline layer). It must be matched rule 79.11 to allow access the internet.
I don't know, maybe is something wrong with Gaia OS, I think to reinstall Gaia OS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The action on the log says "Accept."
When you say "nobody can access the Internet" what is the exact behavior? (i.e. what is seen by end users)
In any case, the error message itself isn't necessarily indicative of a problem.
However, if there is an actual issue that can be resolved by uninstalling the relevant JHF, then you'll need to consult with TAC.
The action on the log says "Accept."
When you say "nobody can access the Internet" what is the exact behavior? (i.e. what is seen by end users)
In any case, the error message itself isn't necessarily indicative of a problem.
However, if there is an actual issue that can be resolved by uninstalling the relevant JHF, then you'll need to consult with TAC.
