Who rated this post

Dear @PhoneBoy and @Teams

I have been facing this issue for long time. Actually i have two image to show you as a case

Case : Image 1 

On the first image the traffic is seen as accept by rule 21.1 with the reason Connection terminated before detection: Insufficient data passed. To learn more see sk113479.

This traffic is also match on rule 21.2 which is a accept rule on port 80.

Results: The connection was block even though there is a accept policy rule 21.2 for this traffic.

 Case : Image 2 

On the Second image the traffic is seen as drop by rule Sub Cleanup Rule with the reason Connection terminated before detection: Insufficient data passed. To learn more see sk113479.

This traffic is also match on Sub-Cleanup Rule which is a drop rule for unmatched traffic.

Results: The connection was block by the Sub Cleanup Rule but unfortunately we can see the traffic is being passed and is allowed on the core firewall where there is the policy for this traffic. 

Conclusion: 

Can you Please explain me what does Connection terminated before detection: Insufficient data passed. To learn more see sk113479 means. This reason is seen on both accept and drop logs and when it says accept the traffic is actually still block and when it say drop by external firewall the same traffic is seen as allow in internal firewall with the same checkpoint vendor firewall. What kind of this behavior it is i really can't understand. i have verify all the policy rule and the traffic, all the source ip and destination ip and the service port is the same. Also have latest hotfix installed for r80.20.

@PhoneBoy  Need your help to understand this. there might be some explanation or solution for this.