Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mikael
Employee Employee
Employee

R81.20 JHF41 TCP Handshake counter fills up

Hello,

Has anyone else seen this issue where the TCP Handshake and connections counter seems to fill up the 64-bit counter?

2024-02-06_16-50-54.jpg

We have seen this on multiple customers, all running R81.20 JHF41 and it seems to affect both regular clusters as well as VSX VS's.

I found this while troubleshooting an issue where the customer reported traffic drops while pushing policy...

Cheers

0 Kudos
12 Replies
the_rock
Legend
Legend

I believe its known problem. I also seen it myself and mentioned to TAC on an unrelated case and guy said they were aware. I never opened an official case, but never asked who is aware and who is working on a fix. He seemed to suggest its more of a cosmetic issue, but I sadly have no proof of that.

Best,

Andy

0 Kudos
Mikael
Employee Employee
Employee

Ok, good to know that I'm not alone 😀

I will open a case to have an official reference.

Cheers

0 Kudos
the_rock
Legend
Legend

I agree, better get an official answer.

Best,

Andy

0 Kudos
CheckPointerXL
Advisor
Advisor

maybe PRHF-31092 ?  ( traffic drops while pushing policy)

available only on custom hotfix

the_rock
Legend
Legend

I think that is related to your post from end of November 2023. I dont see that PRHF  listed in fixed IDs...either take 41 or 45, the latest one.

Andy

https://community.checkpoint.com/t5/General-Topics/R81-20-T26-Traffic-disruption-during-policy-insta...

0 Kudos
AkosBakos
Leader Leader
Leader

HI Mikael,

We found your article today. Let's say, same here. (we have MAESTRO)

Do we know the exact solution? We got a hotfix from TAC (fw1_wrapper_HOTFIX_R81_20_JHF_T41_844_MAIN_GA_FULL.tar) and we will install it tonight.

Does it solve the policy install problem?

Br

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Mikael
Employee Employee
Employee

Not sure about the policy install issue. In our case it seems to have been solved by changing the settings to “keep all connections”. This issue with the counter filling up is still under investigation by TAC. 

0 Kudos
AkosBakos
Leader Leader
Leader

Hi, we set the “keep all connections”, but this didn't solve the issue. A lot of clusters have the "rematch connections" by our customers, and they didn't report any issue. 

Please post if the TAC gives a good solution. I am curious 🙂

A

----------------
\m/_(>_<)_\m/
0 Kudos
Jan_Kleinhans
Advisor

Hi,

do you have any solution? Do you see any log entries when traffic is dropped?

Jan

0 Kudos
AkosBakos
Leader Leader
Leader

Hi Jan,

We received a custom hotfix, for the original issue (during policy installation the connentions are dropped).

After the installation everything works as expected.

Cheers

Akos

----------------
\m/_(>_<)_\m/
Julian_Wagner
Explorer

We are experiencing the same issue. 
Did someone got an official answer from Check Point, or at least know if it was resolved in R81.20 Take 70?

 

0 Kudos
AkosBakos
Leader Leader
Leader

Hi @Julian_Wagner 

It has already fixed in take 54:

 

PRJ-50761,

PRHF-31092

Security Gateway

On Security Gateways with enabled Hyper Flow feature, during policy installation and re-offload process of the connections, accelerated connections may be interrupted. Refer to sk181671.

 

Cheers

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events