
Endpoint Connect drops due to Malware

Question asked by Martijn van der Graaf on Jan 23, 2019
Latest reply on Feb 14, 2019 by Martijn van der Graaf

Hi All,


One of our customers is reporting problems with Endpoint Connect. Sometimes users cannot connect to the gateway and sometimes the connection is lost.


This is very random because some users can stay connected for more than 5 hours while other users cannot connect at all.


We ran a 'fw ctl zdebug' and noticed the connection is dropped due to Malware. See below, where x.x.x.x is the client and y.y.y.y is the gateway.


fw ctl zdebug + drop | grep x.x.x.x
;[vs_2];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 x.x.x.x:51120 -> y.y.y.y:443 dropped by fw_handle_first_packet Reason: Anti Malware;
;[vs_2];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 x.x.x.x:51122 -> y.y.y.y.:443 dropped by fw_handle_first_packet Reason: Anti Malware;
;[vs_2];[tid_3];[fw4_3];fw_log_drop_ex: Packet proto=6 x.x.x.x:51124 -> y.y.y.y:443 dropped by fw_handle_first_packet Reason: Anti Malware;


We have a case with Check Point and they would like to run a kernel debug. The problem with this is that it causes an outage on the network (heavy load on the firewall) and we do not know when the problem occurs.


Has anyone seen this before?


Customer is at VSX R80.10 Take 169.


Regards,

Martijn.
