Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lcorrea
Explorer
Jump to solution

IPS dropping legitimate traffic

Hi Everyone,

 

I hope you can help me out sorting this one out, basically we have some VPN users that are trying to access a SQL database via MySQL Workbench and the IPS is for some reason dropping the traffic, from the debugs this is what I can see:

 

@;184396671;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 10.203.125.10:19993 -> 10.88.23.34:3306 dropped by fwpslglue_chain Reason: PSL Reject: INSPECT_STREAMING_0;

 

However I have been unable to find much information in regards to the drop reason.

 

Have you ever seen something like that or know what may be causing it?

 

Thanks in advanced for the assistance provided.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion

1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).

If this does not help, you can disable passive streaming (PSLXL) in SecureXL path  for the IP with fast acceleration.

2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

0 Kudos
5 Replies
MartinTzvetanov
Advisor

What does IPS log say in SmartConsole?

0 Kudos
lcorrea
Explorer

Hi Martin,

 

Attached is what I'm getting on SmartConsole.

 

Leo.

 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).

If this does not help, you can disable passive streaming (PSLXL) in SecureXL path  for the IP with fast acceleration.

2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
lcorrea
Explorer

Hi Heiko,

 

Ideally I would want to avoid IPS exception as the source is all our VPN pool and the destination is our SQL databases so we would leave our SQL databases without IPS protection against VPN users.

 

Leo.

0 Kudos
Avi_Bechor
Employee
Employee

Hi,

Thank you for the inquiry. Reached our using a private message to further understand this specific case and assist.

 

Thanks,

Avi

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events