Alvin
Explorer

Mgmt traffic cannot cross bridge interface (double-inspection)

Hello everyone,

I hope that the Mgmt interface's signature update traffic can traverse the bridge interface of the same Security Gateway. I referred to SK105899 and added the following kernel data:

[Expert@R81:0]# cat $PPKDIR/boot/modules/simkern.conf
# Deprecated location.
# Any change should be made at /opt/CPppak-R81/conf/simkern.conf
sim_anti_spoofing_enabled=0
[Expert@R81:0]# cat $FWDIR/boot/modules/fwkern.conf
fw_local_interface_anti_spoofing=0
fw_antispoofing_enabled=0
fwx_bridge_reroute_enabled=1

At this point, I still cannot update, and I get the following messages (fw ctl zdebug + drop):

@;3558;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 172.16.13.192:43355 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3565;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 172.16.13.192:43355 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3578;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 172.16.13.192:43355 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3604;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 172.16.13.192:43355 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3680;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.13.192:26677 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3686;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.13.192:26677 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3699;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.13.192:26677 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;
@;3725;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.13.192:26677 -> 96.7.254.216:443 dropped by fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;

I am currently running the R81 GA version, and the problem also occurs in R80.40.
Can anyone assist me in solving this problem?

0 Kudos
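
An added example (not part of the original post and not Check Point tooling): a Python parser for drop lines in the layout quoted above, which groups them by dropping function and reason, by connection, and by the `[fw4_N]` tag. The sample input is constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout of the drop lines quoted in the post above.
DROP_RE = re.compile(
    r"\[cpu_(?P<cpu>\d+)\];\[(?P<inst>fw\d*_\d+)\];fw_log_drop_ex: "
    r"Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>.*?);?\s*$"
)

# Constructed sample: same layout as the post, documentation addresses.
_FMT = ("@;{n};[cpu_{c}];[fw4_{i}];fw_log_drop_ex: Packet proto=6 "
        "192.0.2.10:{sp} -> 198.51.100.20:443 dropped by "
        "fw_reroute_bridge_fold Reason: Bridge reroute, cksum is wrong;")
SAMPLE = "\n".join(
    [_FMT.format(n=n, c=1, i=2, sp=40001) for n in (1001, 1008, 1021)]
    + ["some unrelated debug line"]  # must be skipped by the parser
    + [_FMT.format(n=n, c=2, i=1, sp=40002) for n in (1100, 1107)]
)

def parse_drops(text):
    """Return a dict per recognised drop line; other lines are skipped."""
    return [m.groupdict() for m in map(DROP_RE.search, text.splitlines()) if m]

def summarize(drops):
    """Group drops by cause, by connection and by the [fw4_N] tag."""
    return {
        "causes": Counter((d["func"], d["reason"]) for d in drops),
        "connections": Counter(
            (d["proto"], d["src"], d["sport"], d["dst"], d["dport"])
            for d in drops),
        "instances": Counter(d["inst"] for d in drops),
    }

def report(text):
    """Render a short summary that can be pasted into a support case."""
    s = summarize(parse_drops(text))
    lines = [f"{n} drops: {func} / {reason}"
             for (func, reason), n in s["causes"].most_common()]
    lines += [f"  {src}:{sp} -> {dst}:{dp} proto {p}: {n} packets"
              for (p, src, sp, dst, dp), n in s["connections"].most_common()]
    lines.append("instances: " + ", ".join(sorted(s["instances"])))
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

A single entry under `causes` together with several packets per connection shows that one code path is dropping repeated attempts of the same flows, which is the summary to attach to a support case.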
1 Reply
PhoneBoy
Admin

Recommend a TAC case here.

0 Kudos