Support Center > Search Results > SecureKnowledge Details
Traffic might be dropped with "Virtual defragmentation error: Timeout" log on 21000 series appliance with SAM card
Symptoms
  • Traffic might be dropped with "Virtual defragmentation error: Timeout" log when sent over a VPN tunnel established with Check Point 21000 series appliance with SAM card.

    Example of the log:

    Type = Log
    Action = Drop
    Protocol = tcp
    Information = message: Virtual defragmentation error: Timeout
                   ip_id: 12433
                   ip_len: 152
                   ip_offset: 1336
                   fragments_dropped: 8
                   during_sec: 60
    Product = Security Gateway/Management
    Product Family = Network
  • Disabling SecureXL resolves the issue.

Cause

Unique scenario: The problem occurs when a remote VPN endpoint fragments clear text packets (or receives clear text fragments) before encrypting them. The SAM card processes the encrypted packets successfully, but does not process the fragments within it. As a result, packets after the first fragment are dropped.


Solution
Note: To view this solution you need to Sign In .