This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lcorrea
Explorer
‎2020-08-06 02:58 PM

IPS dropping legitimate traffic

Jump to solution

Hi Everyone,

 

I hope you can help me out sorting this one out, basically we have some VPN users that are trying to access a SQL database via MySQL Workbench and the IPS is for some reason dropping the traffic, from the debugs this is what I can see:

 

@;184396671;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 10.203.125.10:19993 -> 10.88.23.34:3306 dropped by fwpslglue_chain Reason: PSL Reject: INSPECT_STREAMING_0;

 

However I have been unable to find much information in regards to the drop reason.

 

Have you ever seen something like that or know what may be causing it?

 

Thanks in advanced for the assistance provided.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion
Champion
‎2020-08-09 11:32 AM

Jump to solution

1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).

If this does not help, you can disable passive streaming (PSLXL) in SecureXL path  for the IP with fast acceleration.

2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103

View solution in original post

0 Kudos
5 Replies
MartinTzvetanov
Collaborator
‎2020-08-07 06:16 AM

Jump to solution

What does IPS log say in SmartConsole?

0 Kudos
lcorrea
Explorer
‎2020-08-10 07:35 AM
In response to MartinTzvetanov

Jump to solution

Hi Martin,

 

Attached is what I'm getting on SmartConsole.

 

Leo.

 

Preview file
74 KB
0 Kudos
HeikoAnkenbrand
Champion
Champion
‎2020-08-09 11:32 AM

Jump to solution

1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).

If this does not help, you can disable passive streaming (PSLXL) in SecureXL path  for the IP with fast acceleration.

2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103

0 Kudos
lcorrea
Explorer
‎2020-08-10 07:37 AM
In response to HeikoAnkenbrand

Jump to solution

Hi Heiko,

 

Ideally I would want to avoid IPS exception as the source is all our VPN pool and the destination is our SQL databases so we would leave our SQL databases without IPS protection against VPN users.

 

Leo.

0 Kudos
Avi_Bechor
Employee
Employee
‎2020-08-09 11:20 PM

Jump to solution

Hi,

Thank you for the inquiry. Reached our using a private message to further understand this specific case and assist.

 

Thanks,

Avi

0 Kudos