This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
MVP Gold
MVP Gold
‎2025-04-22 01:44 AM

unknown drops...fwmultik_process_f2p_cookie_inner

We see drops via "g_fw ctl zdedug drop" for connections between two proxies. We had some performance problems with several vidoconferencingsystems but we are not sure if this will be related.

Maybe someone saw this errors in the past and can be explain.

[1_01]@;2687694620.9248412;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694622.9248413;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694624.9248414;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694626.9248415;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687815396.9322859;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:34220 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_01]@;2687815397.9322860;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_01:34220 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488823.33144368;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488825.33144369;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488827.33144370;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488829.33144371;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687815456.9322913;[vs_3];[tid_5];[fw4_5];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:34422 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_01]@;2687815457.9322914;[vs_3];[tid_5];[fw4_5];fw_log_drop_ex: Packet proto=6 Proxy_01:34422 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488918.33144405;[vs_3];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48024 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488919.33144406;[vs_3];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 Proxy_03:48024 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE

TAC case is already open to investigate, but no more information right now.

0 Kudos
4 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-04-22 02:02 AM

Which gateway version & Jumbo, is UserCheck enabled here out of interest?

 

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2025-04-22 02:05 AM
In response to Chris_Atkinson

R81.20 take 89, UserCheck is active with block page for malicious content.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-22 02:44 AM

sk177610: Security Gateway generates logs with the action "Redirect", although the Access Control ru...

sk164972: Websites time out instead of redirecting to UserCheck

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
MVP Platinum
MVP Platinum
‎2025-04-22 05:26 AM

For what its worth, because I feel like I always have to say this now, AI answers should be taken with grain of salt, below is what AI copilot gave me and when I search for this in KB, same sk @G_W_Albrecht provided came up (2nd one).

Andy

************************

The error messagefwmultik_process_f2p_cookie_inner Reason: Passive Streaming Layer Drop: MUX_PASSIVEindicates that the packet was dropped by the Passive Streaming Layer (PSL) due to a MUX_PASSIVE reason.

Explanation:

  • Passive Streaming Layer (PSL): This is an infrastructure layer in Check Point's security architecture that reassembles TCP packets into a protocol message. It ensures that only valid packets are allowed to proceed to their destinations by reordering packets and allowing inspection on the packets.
  • MUX (Multiplexer): This layer works between the Streaming layer and the Applications layer. It can choose to work over PSL (passive streaming) or CPAS (active streaming).

Possible Causes:

  1. Invalid or Malformed Packets: The packet might be malformed or invalid, causing the PSL to drop it.
  2. Performance Issues: There might be performance issues on the Security Gateway, causing delays or drops in packet processing.
  3. Connectivity Issues: Network connectivity issues between the end-user computers and the Security Gateway might lead to packet drops.

Recommended Actions:

  1. Examine Network Connectivity: Check for any network connectivity issues between the end-user computers and the Security Gateway.
  2. Check Security Gateway Performance: Look for any performance issues on the Security Gateway that might be causing delays or drops in packet processing.
  3. Review Logs: Analyze the logs to identify any patterns or specific conditions under which the packets are being dropped.

For more detailed information, you can refer to the related solutions:

  • sk109814 - What does "Redirect" action mean in Anti-Bot/Anti-Virus?

If the issue persists, consider opening a ticket with Check Point Support Center for further assistance.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events