sx8n20394
Contributor

Traffic Dropped - Reason: fwmultik_f2p_cookie_outbound_and_routing failed

I have a TAC case open for this but I wanted to know if anyone else is experiencing this on R82.00.05 (998000913). 

This is our first time deploying a 2500 series Quantum Spark. We put in a new firewall for a client and are getting traffic dropped like crazy with the following error:

dropped by fwmultik_process_f2p_packet_inner Reason: fwmultik_f2p_cookie_outbound_and_routing failed.

We enabled PMTUD and even tried to Allow Accept out of state TCP packets with no luck. We eventually turned off SecureXL and the traffic stopped dropping. I then turned SecureXL back on and then cleared all of the connections via: "fw tab -t connections -x -y". Traffic stayed steady for about an hour and then started dropping again. Support said they would send it to the escalation team but I wanted to know if anyone else has run into this.

 

0 Kudos
10 Replies
Alex-
MVP Silver

You might want to consider R82.00.10 if you can.

We let it run in staging mode for a while before going into production and no issues to report on 1535.

A customer is running a 2500 and didn't report issues either. However, if you have TAC engaged, they will provide the relevant steps.

0 Kudos
sx8n20394
Contributor

The TAC got back to me and told me the escalation team recommended R82.00.10 Build 998001562. The TAC support person said there is nothing in the release notes about fixing SecureXL issues but it was still recommended to upgrade. This client is one of our biggest and most delicate (lots of on-prem business critical applications) so we are going to wait until we get someone onsite to do the firmware upgrade just in case it becomes unresponsive, etc.

(1)
the_rock
MVP Diamond

Definitely wise idea.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
sx8n20394
Contributor

Do you know if anyone has reported any issues with R82.00.10 Build 998001562 or issues updating? I have upgraded quite a few Checkpoints in the past 10 years (r77, r81) and never actually had an issue. This is more of a management decision in regards to waiting for someone to go onsite.

0 Kudos
the_rock
MVP Diamond

Personally, I don't know of anyone having an issue updating to it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver

If it is a political decision that someone should be on site to provide support when needed, then it is pointless to argue against it with technical arguments, unless you have out-of-band management. Political decisions always take precedence.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
sigal
Employee

Hi, 
Can you please share more details about your topology? Which traffic is dropped? Which Software Blades are enabled?

Thanks.

0 Kudos
sx8n20394
Contributor

Traffic is almost all completely random. Most of the traffic dropping is 443 but there are other ports (4001, 2001, etc.) that are for different applications.

One specific situation is that people on the remote access VPN cannot access an internal site until they ping the site first. After that they can access it.

The network is just one flat network, nothing fancy.

All blades enabled.

0 Kudos
sx8n20394
Contributor

Unfortunately, upgrading firmware didn't help. Still the same traffic dropping with:

fwmultik_process_f2p_packet_inner Reason: fwmultik_f2p_cookie_outbound_and_routing failed;

0 Kudos
the_rock
MVP Diamond

I would let TAC know, as you already have the case opened. At this point, sounds like there might be need for some further debugs...just my educated guess.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
