Support Center > Search Results > SecureKnowledge Details
SecureXL does not accelerate IPv4 packets with VLAN tag on Security Gateway in Bridge mode when IPv6 is enabled
Symptoms
  • Once IPv6 is enabled on Security Gateway in Bridge mode, output of 'fwaccel stats' shows that IPv4 traffic is not accelerated by SecureXL - output shows:

    • accel packets 0
    • accel bytes 0
    • PXL packets 0
    • PXL bytes 0
  • SecureXL SIM debug for IPv4 traffic ('sim dbg ...') shows:

    sim_filterin_do_deliver: delivering skb=0x..., on dev=0x... (brN), pkt_tagged=1, is_dev_hold=0;
  • SecureXL SIM debug for IPv6 traffic ('sim6 dbg ...') shows:

    sim_fromlinux: non-IP (0x8) vlan tagged packet on bridge device - deliver;
  • Example topology:

    Client - Router - VLAN - eth on Bridge1 [Security Gateway] eth on Bridge1 - VLAN - Router - Server
Cause

IPv4 packets with VLAN tag arrive on the bridge interface instead of the physical interface because SecureXL SIM module for IPv6 traffic (sim6) is handling the IPv4 packets with VLAN tag and passes them directly to the bridge interface.


Solution
Note: To view this solution you need to Sign In .