Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Juan_Carlos_Ald
Explorer

fwconn_key_init_links (OUTBOUND) failed

Hi Chekmates,

I´m seeing the following error:

;[cpu_2];[fw4_27];fw_log_drop_ex: Packet proto=6 10.a.a.a.a:12748 -> 207.166.94.186:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;
;[cpu_24];[fw4_14];fw_log_drop_ex: Packet proto=6 b.b.b.b:25680 -> 207.166.86.186:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;
;[cpu_12];[fw4_7];fw_log_drop_ex: Packet proto=6 c.c.c.c:34519 -> 104.47.145.202:443 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;

a.a.a.a, b.b.b.b and c.c.c.c have one thing in particular, all McAffe web gateways, destination port is always port 443.

Any known issue on this community between McAffe web gateways and checkpoint

I am running on a R77.30 GAIA active/standby cluster.

Issues related to those messages are slownes or access issues on web sites.

Thanks!!!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Can you describe the traffic flow between these servers, the gateway, and the Internet?

This may be the result of the Security Gateway seeing the same packet twice, which is not supported.

Juan_Carlos_Ald
Explorer

Host(s)>proxy servers>Internet Firewalls>Internet. 

Our network sends http/https traffic to this proxies, then it goes to the firewalls. Something that can also be observed is traffic not being correctly NATed ourbound (hide nat).

0 Kudos
PhoneBoy
Admin
Admin

I recommend opening a TAC case so this can be investigated.

Contact Support | Check Point Software 

0 Kudos
phlrnnr
Advisor

Did it end up being this?  Although it looks like this may be for R80.10.

Traffic not being NAT'ed correctly 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events