AnsweredAssumed Answered

Post R80.10 Mgmt Upgrade - APP/URL filtering silently dropping traffic

Question asked by Matt Taber on Feb 9, 2018
Latest reply on Feb 22, 2018 by Günther W. Albrecht

Post management R80.10 upgrade things were fine after the 1st few policy pushes.  It wasn't until we installed database, and pushed policy we started seeing: "dropped by fwpslglue_chain Reason: PSL Reject: internal - reject enabled;" in fw ctl zdebug drop on our R77.30 clusters.  This is mainly HTTPS traffic that is being permitted by the FW blade, but dropped anyhow.

 

I found sk33328 which clears out $FWDIR/state directory to resolve policy corruption issues and is the same SK CP support has advised.  This is a nuclear option, however as both MGMT and gateways need to be cpstop'd.

 

Have any of you run into this issue before and did you have a solution other than what was described in this SK?

Outcomes