jamesp
Explorer

TCP segment out of maximum allowed

Hello

Hoping someone can help! I am relatively new to Check Point, and we are seeing a lot of packets dropped with this description:

"https Traffic Dropped from XX.XXX.XXX.XXX to XX.XXX.XXX.XXX due to TCP segment out of maximum allowed sequence. Packet dropped."

This happens when users try to access an internal Confluence site. It's very slow to load, I see a lot of the errors listed above, then eventually it will work and go through. So there isn't a rule blocking it as such. It's intermittent but repeatable.

I did Google for this and found an article suggesting that it could be high memory usage. I got up a CLI and ran the top command whilst the issue was occurring; however, %mem was never high. CPU spiked here and there, usually with cphwd_w_init_ke at the top, but it's certainly not sitting at 100pc.

Any help much appreciated!

Thanks

0 Kudos
Accepted Solutions
PhoneBoy
Admin

This is one of the sanity checks we perform by default on connections.
It can be triggered under load as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
You can disable this check or create a specific exception here:

image.png

Note these Inspection Settings are done in the firewall (not IPS) and require pushing the Access Policy to take effect.

0 Kudos
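
Before relaxing the check, it helps to know which flows actually trigger it, so that an exception can be kept narrow instead of disabling the check everywhere. The script below is an added example, not part of the original thread and not Check Point tooling; it matches the drop message quoted in the question, and the one-message-per-line export, the timestamp prefix, the sample addresses and the function names are assumptions.

```python
import re
from collections import Counter

# Message text as quoted in the question. The surrounding export layout
# (one message per line, free-form prefix) is an assumption.
DROP_RE = re.compile(
    r"(?P<service>\S+) Traffic Dropped from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"due to TCP segment out of maximum allowed sequence"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
10:01:02 https Traffic Dropped from 192.0.2.10 to 198.51.100.5 due to TCP segment out of maximum allowed sequence. Packet dropped.
10:01:03 https Traffic Dropped from 192.0.2.10 to 198.51.100.5 due to TCP segment out of maximum allowed sequence. Packet dropped.
10:01:04 https Traffic Dropped from 192.0.2.11 to 198.51.100.5 due to TCP segment out of maximum allowed sequence. Packet dropped.
10:01:07 https Traffic Dropped from 192.0.2.11 to 198.51.100.5 due to TCP segment out of maximum allowed sequence. Packet dropped.
10:01:08 https Traffic Dropped from 192.0.2.12 to 198.51.100.9 due to TCP segment out of maximum allowed sequence. Packet dropped.
10:01:09 unrelated log line that should be ignored
"""


def summarize_drops(lines):
    """Count out-of-sequence drops per (service, source, destination)."""
    flows = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            flows[(m["service"], m["src"], m["dst"])] += 1
    return flows


def exception_candidates(flows, min_drops=2):
    """Group repeatedly dropped flows by (service, destination) with the
    sources involved, so an exception can be scoped to just those hosts."""
    by_target = {}
    for (service, src, dst), count in flows.items():
        if count >= min_drops:
            by_target.setdefault((service, dst), set()).add(src)
    return {target: sorted(sources) for target, sources in by_target.items()}


if __name__ == "__main__":
    flows = summarize_drops(SAMPLE_LOG.splitlines())
    for (service, dst), sources in exception_candidates(flows).items():
        print(f"{service} -> {dst}: sources {', '.join(sources)}")
```

If the drops concentrate on one destination, as they do for the Confluence server in the question, a specific exception for that destination leaves the sanity check active for all other traffic.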
jamesp
Explorer

Hello

Thanks so much for your reply. So if I set that to allow instead, it should speed up the loading of the site?

Thanks

James

0 Kudos