Wolfgang
Authority

unknown drops...fwmultik_process_f2p_cookie_inner

We see drops via "g_fw ctl zdebug drop" for connections between two proxies. We had some performance problems with several videoconferencing systems, but we are not sure if this is related.

Maybe someone saw these errors in the past and can explain.

[1_01]@;2687694620.9248412;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694622.9248413;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694624.9248414;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694626.9248415;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687815396.9322859;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:34220 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_01]@;2687815397.9322860;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_01:34220 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488823.33144368;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488825.33144369;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488827.33144370;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_03]@;2702488829.33144371;[vs_3];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48020 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687815456.9322913;[vs_3];[tid_5];[fw4_5];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:34422 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_01]@;2687815457.9322914;[vs_3];[tid_5];[fw4_5];fw_log_drop_ex: Packet proto=6 Proxy_01:34422 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488918.33144405;[vs_3];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_03:48024 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_03]@;2702488919.33144406;[vs_3];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 Proxy_03:48024 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE

TAC case is already open to investigate, but no more information right now.

0 Kudos
4 Replies
Chris_Atkinson
Employee

Which gateway version & Jumbo, is UserCheck enabled here out of interest?

 

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority

R81.20 take 89, UserCheck is active with block page for malicious content.

0 Kudos
G_W_Albrecht
Legend

the_rock
Legend

For what it's worth, because I feel like I always have to say this now, AI answers should be taken with a grain of salt. Below is what AI copilot gave me, and when I searched for this in the KB, the same sk @G_W_Albrecht provided came up (2nd one).

Andy

************************

The error message "fwmultik_process_f2p_cookie_inner Reason: Passive Streaming Layer Drop: MUX_PASSIVE" indicates that the packet was dropped by the Passive Streaming Layer (PSL) due to a MUX_PASSIVE reason.

Explanation:

  • Passive Streaming Layer (PSL): This is an infrastructure layer in Check Point's security architecture that reassembles TCP packets into a protocol message. It ensures that only valid packets are allowed to proceed to their destinations by reordering packets and allowing inspection on the packets.
  • MUX (Multiplexer): This layer works between the Streaming layer and the Applications layer. It can choose to work over PSL (passive streaming) or CPAS (active streaming).

Possible Causes:

  1. Invalid or Malformed Packets: The packet might be malformed or invalid, causing the PSL to drop it.
  2. Performance Issues: There might be performance issues on the Security Gateway, causing delays or drops in packet processing.
  3. Connectivity Issues: Network connectivity issues between the end-user computers and the Security Gateway might lead to packet drops.

Recommended Actions:

  1. Examine Network Connectivity: Check for any network connectivity issues between the end-user computers and the Security Gateway.
  2. Check Security Gateway Performance: Look for any performance issues on the Security Gateway that might be causing delays or drops in packet processing.
  3. Review Logs: Analyze the logs to identify any patterns or specific conditions under which the packets are being dropped.

For more detailed information, you can refer to the related solutions:

  • sk109814 - What does "Redirect" action mean in Anti-Bot/Anti-Virus?

If the issue persists, consider opening a ticket with Check Point Support Center for further assistance.

0 Kudos
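One way to carry out the "Review Logs" step on the drop output from the first post, as an added example that is not part of the original thread or of Check Point tooling: it groups drops by reason and connection so patterns stand out. The field layout in the regex is inferred from the posted lines only, and `parse_drops` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Six lines copied from the drop output in the original post.
SAMPLE = """\
[1_01]@;2687694620.9248412;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694622.9248413;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694624.9248414;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687694626.9248415;[vs_3];[tid_4];[fw4_4];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:50878 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: TLS_PARSER
[1_01]@;2687815396.9322859;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_02:8080 -> Proxy_01:34220 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
[1_01]@;2687815397.9322860;[vs_3];[tid_2];[fw4_2];fw_log_drop_ex: Packet proto=6 Proxy_01:34220 -> Proxy_02:8080 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: MUX_PASSIVE
"""

# Field layout inferred from the lines above, not from vendor documentation.
DROP_RE = re.compile(
    r"^\[(?P<member>[^\]]+)\]@;[\d.]+;\[(?P<vs>vs_\d+)\];\[tid_\d+\];\[fw4_\d+\];"
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) (?P<src>\S+) -> (?P<dst>\S+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>.+)$"
)

def parse_drops(text):
    """Yield one dict per recognised drop line; other lines are skipped."""
    for line in text.splitlines():
        m = DROP_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(text):
    """Group drops by (reason, connection), ignoring packet direction."""
    out = defaultdict(lambda: {"count": 0, "directions": set(), "members": set()})
    for d in parse_drops(text):
        conn = tuple(sorted((d["src"], d["dst"])))  # same key for both directions
        entry = out[(d["reason"], conn)]
        entry["count"] += 1
        entry["directions"].add((d["src"], d["dst"]))
        entry["members"].add(d["member"])
    return dict(out)

if __name__ == "__main__":
    for (reason, conn), e in sorted(summarize(SAMPLE).items()):
        kind = "both directions" if len(e["directions"]) == 2 else "one direction"
        print(f"{reason:22} {conn[0]} <-> {conn[1]}  drops={e['count']} ({kind})")
```

On the posted lines, the TLS_PARSER drops repeat in one direction on the same connection, while each MUX_PASSIVE connection shows one drop per direction.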
