Anti-Bot is dropping traffic although it is disabled
Symptoms
  • Traffic is dropped by Anti-Bot, even if the blade is disabled.

  • Kernel debug (on R80.10: fw ctl debug -m MALWARE + all; fw ctl debug -m fw + conn vm drop. On R77.30 and below: fw ctl debug -m fw + malware conn vm drop) shows the following messages:
    [fw4_0];xxxxxxxxxxx:{policy} : fw_mal_post_logsup_abs: logsup_acc_update() failed;
    [fw4_0];xxxxxxxxxxx:{policy} : fw_mal_module_send_log: post_logsup_cb() failed;
    [fw4_0];fw_log_drop_ex: Packet proto=6 172.20.x.x:[port_number] > 172.20.y.y:[port_number] dropped by fw_handle_first_packet Reason: Anti Malware;
    [fw4_0];After VM: < dir 0, 172.20.x.x:[port_number] > 172.20.y.y:[port_number] IPP 6 > (len=48) TCP flags=0x2 (SYN), seq=1f215f18, ack=0, data end=1f215f19 ;
    [fw4_0];VM Final action=DROP;

  • SmartView Tracker shows a drop log for "Rule base match failure".

Cause

The mal_conns table has reached its limit. 

In R80.10, the timeout of each entry in the mal_conns table changed to 130 seconds (instead of 10 seconds in R77.30). On R80.10 VSX, the mal_conns table limit is 25,000.

When the mal_conns table reaches its limit, every connection that should be inspected by the Threat Prevention blades is dropped.
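
To check a saved kernel debug capture for the message pattern listed under Symptoms, the following added example (not Check Point code, and not part of the original article) counts the log-suppression failures and "Anti Malware" drops and groups the drops by flow. The function names and the sample capture are assumptions constructed for illustration.

```shell
# Added example (not Check Point code): triage a saved kernel debug capture.

# Constructed sample capture: IDs, addresses, ports and the last line are made up.
write_sample_debug() {
    cat > "$1" <<'EOF'
[fw4_0];1700000001:{policy} : fw_mal_post_logsup_abs: logsup_acc_update() failed;
[fw4_0];1700000001:{policy} : fw_mal_module_send_log: post_logsup_cb() failed;
[fw4_0];fw_log_drop_ex: Packet proto=6 172.20.1.10:40001 > 172.20.2.20:443 dropped by fw_handle_first_packet Reason: Anti Malware;
[fw4_0];VM Final action=DROP;
[fw4_1];fw_log_drop_ex: Packet proto=6 172.20.1.10:40002 > 172.20.2.20:443 dropped by fw_handle_first_packet Reason: Anti Malware;
[fw4_1];fw_log_drop_ex: Packet proto=6 172.20.1.11:51000 > 172.20.2.30:80 dropped by fw_handle_first_packet Reason: Anti Malware;
[fw4_0];fw_log_drop_ex: Packet proto=6 172.20.1.12:51001 > 172.20.2.30:22 dropped by fw_handle_first_packet Reason: constructed non-matching reason;
EOF
}

# Print counts of the message types the article lists.
mal_signature_counts() {
    awk '
        /logsup_acc_update\(\) failed/ { logsup++ }
        /post_logsup_cb\(\) failed/    { cb++ }
        /fw_log_drop_ex:/ && /Reason: Anti Malware/ { drops++ }
        END { printf "logsup=%d cb=%d drops=%d\n", logsup, cb, drops }
    ' "$1"
}

# Print "count src > dst:port" for Anti Malware drops, busiest first.
# The source port is stripped so retries from one client aggregate.
mal_top_flows() {
    awk '
        /fw_log_drop_ex:/ && /Reason: Anti Malware/ {
            for (i = 2; i < NF; i++) if ($i == ">") {
                src = $(i - 1); sub(/:[^:]*$/, "", src)
                print src " > " $(i + 1)
                break
            }
        }
    ' "$1" | sort | uniq -c | sort -k1,1nr -k2 | awk '{ $1 = $1; print }'
}

# Succeed only when log-suppression failures and Anti Malware drops both appear.
mal_symptoms_present() {
    mal_signature_counts "$1" | awk -F'[= ]' '{ exit !($2 > 0 && $6 > 0) }'
}

sample=$(mktemp)
write_sample_debug "$sample"
mal_signature_counts "$sample"
mal_top_flows "$sample"
mal_symptoms_present "$sample" && echo "symptom pattern present"
```

A match only shows that the capture contains the messages from this article; it does not by itself confirm that the mal_conns table is full.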


Solution