Support Center > Search Results > SecureKnowledge Details
"ICMP error does not match an existing connection" log in SmartView Tracker Technical Level
Symptoms
  • SmartView Tracker log shows:

    ICMP: Port Unreachable; ICMP Type 3; ICMP Code 3 message_info: ICMP error does not match an existing connection
  • Kernel debug (fw ctl debug -m fw + conn drop vm) shows:

    ;FW-1: fw_log_bad_conn_ex: reason ICMP error does not match an existing connection;
    ;fw_log_drop_ex: Packet proto=1 ... dropped by fw_first_packet_state_checks Reason: ICMP error does not match an existing connection;
    ;fw_handle_first_packet: first packet state violation (action=VANISH);
    ;fw_filter_chain: handle_first_packet returned action VANISH for new conn;
    
Cause

ICMP Error packet arrives through the firewall while the original connection (For which the ICMP error was generated) did not go through the firewall. (For example, asymmetric routing).


Solution
Note: To view this solution you need to Sign In .