Traffic is dropped on a Rule with an "Accept" Action

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk100636
Technical Level
Product	Security Gateway, SmartView Tracker
Version	R70, R71, R75, R76
OS	Gaia, SecurePlatform
Platform / Model	All
Date Created	31-May-2014
Last Modified	15-Dec-2015

Symptoms

In SmartView tracker, a "drop" log is shown for an Accept rule.
Firewall kernel debug ( fw ctl zdebug + drop) shows the traffic is dropped on the same rule it should be allowed on:
Reason: Rulebase drop - rule X"

Cause

A Network object is defined with a single IP address and a netmask of 255.255.255.255. Broadcast address is marked as "not included".

When a network is defined with a single IP address with netmask of 255.255.255.255, the IP of the network is the same IP as the broadcast address. If The Broadcast address is not included, the Network is removed.

Solution

Note: To view this solution you need to Sign In .