- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi Everyone,
I hope you can help me out sorting this one out, basically we have some VPN users that are trying to access a SQL database via MySQL Workbench and the IPS is for some reason dropping the traffic, from the debugs this is what I can see:
@;184396671;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 10.203.125.10:19993 -> 10.88.23.34:3306 dropped by fwpslglue_chain Reason: PSL Reject: INSPECT_STREAMING_0;
However I have been unable to find much information in regards to the drop reason.
Have you ever seen something like that or know what may be causing it?
Thanks in advanced for the assistance provided.
1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).
If this does not help, you can disable passive streaming (PSLXL) in SecureXL path for the IP with fast acceleration.
2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103
What does IPS log say in SmartConsole?
1) Use an IPS exception rule to allow the traffic for the IP (MySQL Server).
If this does not help, you can disable passive streaming (PSLXL) in SecureXL path for the IP with fast acceleration.
2) The fast acceleration feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption. More here: R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103
Hi Heiko,
Ideally I would want to avoid IPS exception as the source is all our VPN pool and the destination is our SQL databases so we would leave our SQL databases without IPS protection against VPN users.
Leo.
Hi,
Thank you for the inquiry. Reached our using a private message to further understand this specific case and assist.
Thanks,
Avi
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY