This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Roy_Smith
Collaborator
‎2023-04-19 01:26 AM
Jump to solution

Gre Tunnel traffic being dropped

Hi

We have 2 R81.10 appliances in 2 separate sites, connected over our WAN. Behind each firewall, there is a wireless controller. The 2 wireless controllers are configured to connect to each other via Gre tunnels. However, the gre tunnel is not getting established between these 2 controllers. Each controller also have other gre tunnels to other wireless controllers at other sites on the WAN, which are established and working. It appears it is only the gre traffic between the 2 main controllers that is getting dropped at each firewall. 

If I run tcpdump, I can see the traffic coming in to the interface but not going out. If I run fw ctl zdebug drop I get the message 

"dropped by fw_handle_old_conn_recovery Reason: Other protocol packet that belongs to an old connection" 

I'm unable to find much information on this particular message. Has anyone any ideas what it could point to and how I troubleshoot this? Any reason why some gre traffic goes through and other traffic is dropped?

Many Thanks
Roy

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2023-04-19 05:24 AM
Jump to solution

sk121933 talks to a similar drop reason for UDP traffic flows.

Can I confirm your connect persistence settings, are they set to keep or rematch?

Is the issue always present or only after someone performs a policy installation for the intermediate gateway?

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-04-19 05:24 AM
Jump to solution

sk121933 talks to a similar drop reason for UDP traffic flows.

Can I confirm your connect persistence settings, are they set to keep or rematch?

Is the issue always present or only after someone performs a policy installation for the intermediate gateway?

CCSM R77/R80/ELITE
0 Kudos
Roy_Smith
Collaborator
‎2023-04-20 12:07 AM
In response to Chris_Atkinson
Jump to solution

Chris

Thanks for that. I initially went through the sk article but did not see any difference. I decided to go through the clear connections steps on both gateways and that appears to have resolved the issue. 

Thanks
Roy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top