Anuj_Kumar
Participant

fw_spii_execute_inspections Reason: spii inspection matrix drop

Hello Mates

We are getting the following drop for the RPC service on our firewall gateways (R77.30) after the latest Check Point IPS database update. Our management server is on R80.10. We recently restored a migrate update backup, and after that we have seen these kinds of drops. We restored an older version of the IPS database and the issue was fixed, but when we update the IPS database again, the same issue comes back.

;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 10..xx.xx.xx:53382 -> 141.xx.xx.xx:135 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;

;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 10..xx.xx.xx:53382 -> 141.xx.xx.xx:135 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;

Can anyone help with this?

0 Kudos
3 Replies
PhoneBoy
Admin

0 Kudos
genisis__
Leader

I'm having the same issue.

 

Manager is R80.30 and the GWs are R80.20 with the latest GA Jumbo. I have a TAC case running and a specialist Mcast TAC engineer.

We both looked at the SK and asked why on earth a reboot is required!

 

Additionally, I added an exception for this signature, and it did not make a difference. More worrying is that the drops are only seen using fw ctl zdebug drop; we see nothing in the logs.

0 Kudos
Timothy_Hall
Champion

Make sure that the service object's name matching the syslog traffic does not contain a reserved word, as that can trip up the inspection engine in unexpected ways: sk40179 - What are the characters and reserved words forbidden for use in Check Point FireWall-1.
