Support Center > Search Results > SecureKnowledge Details
HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway
Symptoms
  • HTTP/HTTPS connections that should be accepted on a rule with 'Domain Object', do not pass through the Security Gateway.

  • Kernel debug (' fw ctl debug -m fw + drop ') shows:
    fw_log_drop_ex: Packet proto=6 ... dropped by fw_runfilter_ex Reason: F_INDOM;

Cause

The F_INDOM drop is a symptom for delay in the DNS reply when Domain Objects are configured in the Security policy.


Solution
Note: To view this solution you need to Sign In .