I am currently having a very odd issue that I cannot get to the bottom of on pair of R80.10 gateways. I am seeing 'weird drops' on rules which are actually accept rules.
Here is one example:-
I open a browser on 192.168.3.14 and go to Intel.com.
The site opens ok but :-
fw ctl zdebug drop | grep 192.168.3.14
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 192.168.3.14:50702 -> 184.108.40.206:443 dropped by fw_send_log_drop Reason: Rulebase drop - on layer "Site0-Simplified-Policy Secur" rule 3;
Rule 3 is an accept rule!!!!
Any help appreciated.