Dynamic Dispatcher 'instance mismatch' drops on ports 80 and 443
- When the Dynamic Dispatcher is enabled together with SecureXL NAT templates, traffic on ports 80 and 443 is dropped and the following messages appear in /var/log/messages:
fwmultik_dispatch_inbound: instance mismatch (on connection <IP address>(443) -^ <IP address>(24547) IPP 6): predefined says 2 lookup says 1)
- Drop traffic:
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=<protocol ID> <IP address>:<port> -> <IP address>:<port> dropped by fwmultik_dispatch_inbound Reason: Instance mismatch (inbound);
- Disabling one of the features (Dynamic Dispatcher or NAT templates) resolves the issue.
- The sim_nat_port_alloc table may contain two or more entries for the same allocated source port when multiple hide-translated connections are going to the same destination IP address.
- When the sim module tries to allocate a source port that is already marked as in use, it may still allocate that port again for a new connection.
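To confirm that a gateway is showing this symptom, the two messages above can be counted per web port in a saved copy of /var/log/messages. The following is an added example, not vendor code: the syslog prefix, host name and IP addresses in SAMPLE are constructed, and the drop pattern assumes IPv4 addresses.

```python
import re
from collections import Counter

# Dispatcher message; the arrow token between endpoints is matched loosely.
MISMATCH = re.compile(
    r"fwmultik_dispatch_inbound: instance mismatch \(on connection "
    r"(?P<a>\S+)\((?P<ap>\d+)\) \S+ (?P<b>\S+)\((?P<bp>\d+)\) IPP (?P<ipp>\d+)\): "
    r"predefined says (?P<pre>\d+) lookup says (?P<look>\d+)")
# Matching drop record written by fw_log_drop_ex (IPv4 assumed).
DROP = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<ipp>\d+) (?P<a>[^\s:]+):(?P<ap>\d+) -> "
    r"(?P<b>[^\s:]+):(?P<bp>\d+) dropped by fwmultik_dispatch_inbound "
    r"Reason: Instance mismatch")
WEB_PORTS = {80, 443}

def summarize(lines):
    """Count mismatch and drop events per web port and per instance pair."""
    out = {"mismatch": Counter(), "drop": Counter(), "instances": Counter()}
    for line in lines:
        for kind, rx in (("mismatch", MISMATCH), ("drop", DROP)):
            m = rx.search(line)
            if not m:
                continue
            ports = {int(m["ap"]), int(m["bp"])} & WEB_PORTS
            for p in ports or {0}:  # 0 = neither endpoint is port 80 or 443
                out[kind][p] += 1
            if kind == "mismatch":
                # (predefined instance, looked-up instance) as reported
                out["instances"][(int(m["pre"]), int(m["look"]))] += 1
    return out

# Constructed sample lines (documentation IP ranges, invented syslog prefix).
SAMPLE = [
    "Jan 10 12:00:01 gw kernel: [fw4_1];fwmultik_dispatch_inbound: instance mismatch "
    "(on connection 198.51.100.7(443) -> 192.0.2.10(24547) IPP 6): predefined says 2 lookup says 1)",
    "Jan 10 12:00:01 gw kernel: ;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=6 "
    "198.51.100.7:443 -> 192.0.2.10:24547 dropped by fwmultik_dispatch_inbound "
    "Reason: Instance mismatch (inbound);",
    "Jan 10 12:00:02 gw kernel: [fw4_1];fwmultik_dispatch_inbound: instance mismatch "
    "(on connection 198.51.100.9(80) -> 192.0.2.10(24547) IPP 6): predefined says 0 lookup says 1)",
    "Jan 10 12:00:03 gw sshd[1234]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for kind, counts in summarize(SAMPLE).items():
        print(kind, dict(counts))
```

A non-zero count under 80 or 443 while both features are enabled matches the symptom described above; after disabling one of the features, the count for new log entries should stay at zero.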