This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Don_Paterson
Advisor
‎2023-04-28 08:49 AM

https Traffic Dropped ... due to Out of sequence TCP packet retransmission. Stripping all packet dat

Trying to understand what the exact cause/s for this PSL drop might be.

Anyone else seen it and found out more?

Log image attached. SK reference image attached.

"https Traffic Dropped from ... to ... due to Out of sequence TCP packet retransmission. Stripping all packet data. Please refer to sk172266."

Preview file
56 KB
Preview file
53 KB
0 Kudos
6 Replies
the_rock
Legend
Legend
‎2023-04-28 09:06 AM

I had this issue with customers couple times and below is what we did to fix it. Not saying it would work for you, but thats what did work in our case. Just need to put in affected IPs/subnets in both src/dst

Andy

 

Screenshot_1.png

 

 

0 Kudos
Don_Paterson
Advisor
‎2023-04-28 09:12 AM
In response to the_rock

Nice. Thanks!

I'm looking at SK122072 
https://support.checkpoint.com/results/sk/sk122072

"

Solution
These logs can be safely ignored and disabled by setting the following kernel parameter:

# fw ctl set int psl_disable_keepalive_logs 1

"

But also thinking about MTUs, ring buffer sizes and also elephant flow (Hyperflow).
https://support.checkpoint.com/results/sk/sk42181

 

EDIT:

+ This is about image files being transferred over the network.

0 Kudos
the_rock
Legend
Legend
‎2023-04-28 09:35 AM
In response to Don_Paterson

Well, here is my logic about this, and not only this, but really any traffic problem...so IF those logs are indication of the actual issue, then it needs to be addresses. However, if you see them, but you are simply curious why they are there (but no any other problems), then those SKs would make sense.

Also, all tcp out of state means, in most simple terms, is this...communication is broken somewhere, along the way...3-way handshake is not happening properly.

Andy

0 Kudos
Don_Paterson
Advisor
‎2023-04-28 09:39 AM
In response to the_rock

ACK. Agree.

Did you confuse Out of Sequence with Out of State? 😉


0 Kudos
the_rock
Legend
Legend
‎2023-04-28 09:43 AM
In response to Don_Paterson

I did, sorry lol. Did not get much sleep, had Fortigate cutover at 4.30 am, so my apologies.

the_rock
Legend
Legend
‎2023-04-28 09:44 AM
In response to Don_Paterson

But here is bigger question...is there an ACTUAL traffic issue, or are you simply concerned about the logs you see?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events