The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway
| Solution ID |
sk110687 |
| Product |
Security Gateway, ClusterXL, Cluster - 3rd party, VSX |
| Version |
R77.10, R77.20, R77.30 |
| Date Created |
24-Mar-2016
|
| Last Modified |
13-Jun-2018
|
Symptoms
HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway.
Kernel debug (' fw ctl debug -m fw + drop ') shows:
fw_log_drop_ex: Packet proto=6 ... dropped by fw_runfilter_ex Reason: F_INDOM;
Cause
The F_INDOM drop is a symptom for delay in the DNS reply when Domain Objects are configured in the Security policy.
Solution
|
Note: To view this solution you need to
Sign In
.
|
