This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jamesp
Explorer
‎2023-01-25 07:03 AM
Jump to solution

TCP segment out of maximum allowed

Hello

Hoping someone can help! I am relatively new to checkpoints, we are seeing a lot of packets dropped with this description

 

"https Traffic Dropped from XX.XXX.XXX.XXX to XX.XXX.XXX.XXX due to TCP segment out of maximum allowed sequence. Packet dropped."

 

This happens when users try to access an internal confluence site. Its very slow to load, I see a lot of the errors listed above, then eventually it will work and go through. So there isn't a rule blocking it as such. Its intermittent but repeatable. 

I did google for this and found an article suggesting that it could be high memory usage, I got up a CLI and run the TOP command whilst the issue was occuring however %mem was never high, cpu spiked here and there, usually with cphwd_w_init_ke at the top, but its certainly not sitting at 100pc. 

any help much appreciated!

Thanks

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-01-25 06:03 PM
Jump to solution

This is one of the sanity checks we perform by default on connections.
It can be triggered under load as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
You can disable this check or create a specific exception here:

image.png

Note these Inspection Settings are done in the firewall (not IPS) and require pushing the Access Policy to take effect.

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-05 12:57 PM
In response to Matlu
Jump to solution

Is it expected behavior? Depends on the exact traffic involved.
The protection itself might not cause extra memory usage, but the client's reaction to the connection dropping might.
Regardless, if this is happening with a specific, trusted source or destination on a regular basis, your best bet is to create an exception for this protection.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-01-25 06:03 PM
Jump to solution

This is one of the sanity checks we perform by default on connections.
It can be triggered under load as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
You can disable this check or create a specific exception here:

image.png

Note these Inspection Settings are done in the firewall (not IPS) and require pushing the Access Policy to take effect.

0 Kudos
jamesp
Explorer
‎2023-01-26 03:24 AM
In response to PhoneBoy
Jump to solution

Hello

Thanks so much for your reply, so if I set that to allow instead, it should speed up the loading of the site?

 

Thanks

James

 

0 Kudos
Matlu
Advisor
‎2023-09-04 01:34 PM
In response to PhoneBoy
Jump to solution

Hello,

I have the same scenario.

The memory, is exceeding the 90% usage threshold.

PC.png

The message is the same as reported at the beginning of this post.

It is an "expected behavior" (normal), that this kind of alerts occur, and that the memory is "triggered" in terms of its consumption?

I have checked sk114529, but I don't see any definitive "solutions".

Could someone recommend me, what kind of solution can be applied for this scenario, please?

Regards.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-05 12:57 PM
In response to Matlu
Jump to solution

Is it expected behavior? Depends on the exact traffic involved.
The protection itself might not cause extra memory usage, but the client's reaction to the connection dropping might.
Regardless, if this is happening with a specific, trusted source or destination on a regular basis, your best bet is to create an exception for this protection.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events