This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_M_Almas
Contributor
‎2021-05-28 11:36 AM
Jump to solution

Quick log growing with "IP multicast routing failed"

Hi all!

 

We're using a cluster of 15400 appliances running R80.40 in VSX (VSLS mode).

Since a few days ago our older logs started being deleted because of log files increasing way faster than before.

We found that the culprit is a message from 2 new appliances recently installed in one of our VLANs. Those appliances are trying to reach a bunch of multicast addresses and the Check Point gateway fails to resolve the route:

 

@;1403431;[vs_2];[tid_6];[fw4_6];fw_log_drop_ex: Packet proto=17 10.80.202.51:2252 -> 224.2.2.1:2251 dropped by fw_log_ip_routing_failure Reason: IP multicast routing failed (too many packets received before route was resolved);

 

We tried configuring Multicast Restrictions under the interface configuration for those multicast addresses but no luck. Also sk170922 doesn't seem to apply. Tried adding a adbkern.conf file to $PPKDIR/conf/ with the line "adp_mc_rt_hold_queue_len=20" and rebooting the gateways: still no luck. Also disabled the "Enable drop optimization" in the corresponding VS with the same result. No luck also in configuring a simple rulebase to just silently drop all the requests from this appliances...

 

The vendor of the appliances are working on a solution but it will take some time (why?!?!?).

Is there any chance that we could disable the logging of this events/errors or somehow silently dropping them?

 

Any help is welcome! 🙂

0 Kudos
1 Solution

Accepted Solutions
David_M_Almas
Contributor
‎2021-06-01 04:19 AM
In response to PhoneBoy
Jump to solution

So we did and the workaround is to set "fw_log_missing_route_packet" to '0' to disable logging of this errors.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-05-28 04:18 PM
Jump to solution

Recommend a TAC case.

David_M_Almas
Contributor
‎2021-06-01 04:19 AM
In response to PhoneBoy
Jump to solution

So we did and the workaround is to set "fw_log_missing_route_packet" to '0' to disable logging of this errors.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events