HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk110687
Technical Level
Product	Quantum Security Gateways, ClusterXL, Cluster - 3rd party, VSX
Version	R77.10 (EOL), R77.20, R77.30 (EOL)
Date Created	24-Mar-2016
Last Modified	13-Jun-2018

Symptoms

HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway.
Kernel debug (' fw ctl debug -m fw + drop ') shows:
fw_log_drop_ex: Packet proto=6 ... dropped by fw_runfilter_ex Reason: F_INDOM;

Cause

The F_INDOM drop is a symptom for delay in the DNS reply when Domain Objects are configured in the Security policy.

Solution

Note: To view this solution you need to Sign In .