- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: dropped by misp_rt_chain ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dropped by misp_rt_chain ?
Hello All,
Can you please help me to understand the below debug.
[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
Not sure what dropped by misp_rt_chain means.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can set it on a per service basis or per management domain, not per gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"Multiple ISP" aka ISP Redundancy. I'm guessing "rt" stands for routing, as in the packet can't be routed to one of your ISPs as the interface associated with that ISP is not working or defined incorrectly.
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Timothy_Hall
Yes, that's right we have 2 ISPs on that device.
Also, Primary ISP was down during the logs.
But why this traffic is still trying to go out via primary ISP when it was down?
Is anything related to old connections, Any suggestion?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Most likely it's an old connection.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @PhoneBoy
Thanks for your response. Understood old connection should be trimmed out or should be reinitiated.
Do we have any option to change the connection timer based on a protocol to a specific gateway?
(We can do the same from CMA global properties but that will be global. is there any option to do the same on gateway level)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can set it on a per service basis or per management domain, not per gateway.