babicmilan
Collaborator

Bug or something other

Hello, I have version R81.20 Jumbo Hotfix Take 76 on my gateways in ClusterXL, but when I upgraded to Take 84 (the recommended version) I got some issues regarding internet access.

Connection terminated before the Security Gateway was able to make a decision: Insufficient data passed.
To learn more see sk113479.

It seems like an issue with policy matching.

I have an inline layer created for internet access (rule ID: 79). Instead of matching rule 79.15, connections match rule 79.

I didn't find the cause of the problem, and I have downgraded to Hotfix Take 76.

How can I resolve the problem?

0 Kudos
1 Reply
PhoneBoy
Admin

This error message is considered "normal" and a function of how modern application-aware firewalls operate.
In short:

  • On first packet, you only know source/destination/service from an IP header perspective.
  • Additional packets are required to fully classify the traffic (e.g. we need to see HTTP headers or information not available in the first packet).
  • Assuming there's at least ONE accept rule on the relevant port, traffic will be allowed until the traffic can be properly classified.
  • If the underlying connection closes before classification occurs, you will see the error you mention. 

Again, this is expected behavior and documented in the referenced SK: https://support.checkpoint.com/results/sk/sk113479 

The fact you rolled back begs the question: were your users experiencing any actual issues as a result of these errors?

0 Kudos
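The classification sequence described in the reply, as an added example that is not part of the original thread and is not Check Point's implementation: a simplified model of an inline layer whose sub-rules need application data. Rule IDs 79 and 79.15 come from the question; rule 79.14, the application names and the choice to log an unclassified connection against the parent rule are assumptions made to mirror what the question reports.

```python
from dataclasses import dataclass, field
from typing import Optional

INSUFFICIENT = "Insufficient data passed"

@dataclass
class Rule:
    rule_id: str
    port: int                    # known from the first packet
    app: Optional[str] = None    # needs payload; None means "any application"
    action: str = "accept"
    inline: list = field(default_factory=list)  # sub-rules of an inline layer

def log_entry(rulebase, port, app):
    """Return (rule_id, action, note) for one connection.

    app is None when the connection closed before enough payload
    arrived to identify the application.
    """
    for parent in rulebase:
        if parent.port != port:
            continue
        if not parent.inline:
            return parent.rule_id, parent.action, ""
        for sub in parent.inline:
            if sub.app is None:          # decidable from IP headers alone
                return sub.rule_id, sub.action, ""
            if app is None:              # sub-rule cannot be evaluated yet
                # Allowed provisionally only if some sub-rule could accept it.
                ok = any(r.action == "accept" for r in parent.inline)
                return parent.rule_id, "accept" if ok else "drop", INSUFFICIENT
            if sub.app == app:
                return sub.rule_id, sub.action, ""
        return parent.rule_id + ".cleanup", "drop", ""  # inline layer cleanup
    return "cleanup", "drop", ""

# Constructed rulebase: parent rule 79 on TCP/443 with an inline layer.
RULEBASE = [
    Rule("79", 443, inline=[
        Rule("79.14", 443, app="Facebook", action="drop"),      # hypothetical
        Rule("79.15", 443, app="Web Browsing", action="accept"),
    ]),
]

if __name__ == "__main__":
    # Fully classified connection versus one that closed too early.
    print(log_entry(RULEBASE, 443, "Web Browsing"))
    print(log_entry(RULEBASE, 443, None))
```

In this model the same client and destination produce a log on 79.15 when classification completes and a log on 79 with the "Insufficient data passed" note when the connection closes first, so the parent-rule entries alone do not show that the sub-rule stopped matching.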
