Traffic drop after adding rules with Domain object and installing policy
Solution ID: sk133253
Product: Security Gateway
Version: R80.10, R80.20
OS: Gaia
Date Created: 31-Jul-2018
Last Modified: 25-Jul-2020
Symptoms
Traffic is dropped after adding rules with Domain objects and installing policy, even though the Security Policy allows this traffic.
Kernel debug (fw ctl zdebug + drop) shows a drop on a rule number that does not match the source or destination of that traffic.
Several hundred domain objects are configured in the security policy.
Errors similar to the following appear in the /var/log/messages file:
[DATE TIME] kernel: [fw4_2];[ERROR]: up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API
[DATE TIME] kernel: [fw4_2];[ERROR]: up_manager_perform_action: up_manager_resume_chain failed
[DATE TIME] kernel: [fw4_2];[ERROR]: network_classifiers_domain_async_timeout_cb: the 'perform_action' callback function failed
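To check a gateway's log for this symptom, the three errors above can be counted as complete sequences per bracketed tag (`[fw4_2]` in the lines above), even when sequences from different tags interleave. This is an added example, not Check Point's own tooling; the function name `domain_hold_failures` and the sample timestamps, hostname `gw1` and cron line are constructed.

```shell
#!/usr/bin/env bash
# Added example: count complete three-line failure sequences per [fwX_Y] tag.

# Constructed sample log (timestamps, hostname and the crond line are made up).
sample_log() {
cat <<'EOF'
Jul 31 10:15:01 gw1 kernel: [fw4_2];[ERROR]: up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API
Jul 31 10:15:01 gw1 kernel: [fw4_2];[ERROR]: up_manager_perform_action: up_manager_resume_chain failed
Jul 31 10:15:01 gw1 kernel: [fw4_2];[ERROR]: network_classifiers_domain_async_timeout_cb: the 'perform_action' callback function failed
Jul 31 10:15:02 gw1 crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Jul 31 10:15:03 gw1 kernel: [fw4_0];[ERROR]: up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API
Jul 31 10:15:03 gw1 kernel: [fw4_2];[ERROR]: up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API
Jul 31 10:15:03 gw1 kernel: [fw4_0];[ERROR]: up_manager_perform_action: up_manager_resume_chain failed
Jul 31 10:15:03 gw1 kernel: [fw4_2];[ERROR]: up_manager_perform_action: up_manager_resume_chain failed
Jul 31 10:15:03 gw1 kernel: [fw4_0];[ERROR]: network_classifiers_domain_async_timeout_cb: the 'perform_action' callback function failed
Jul 31 10:15:03 gw1 kernel: [fw4_2];[ERROR]: network_classifiers_domain_async_timeout_cb: the 'perform_action' callback function failed
Jul 31 10:15:04 gw1 kernel: [fw4_1];[ERROR]: up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API
EOF
}

# Reads log files given as arguments (or stdin) and prints "<tag> <count>"
# for every tag that logged the full resume_chain -> perform_action ->
# async_timeout_cb sequence. Incomplete sequences are not counted.
domain_hold_failures() {
    awk '
    /kernel: \[fw[0-9]+_[0-9]+\];\[ERROR\]: / {
        # Extract the tag between "kernel: [" and "];"
        inst = $0
        sub(/^.*kernel: \[/, "", inst)
        sub(/\];.*$/, "", inst)
        if (index($0, "up_manager_resume_chain: fwhold_send failed")) {
            step[inst] = 1
        } else if (index($0, "up_manager_perform_action: up_manager_resume_chain failed")) {
            step[inst] = (step[inst] == 1) ? 2 : 0
        } else if (index($0, "network_classifiers_domain_async_timeout_cb:")) {
            if (step[inst] == 2) chains[inst]++
            step[inst] = 0
        }
    }
    END { for (i in chains) print i, chains[i] }
    ' "$@" | sort
}

# Demo on the constructed sample; on a gateway: domain_hold_failures /var/log/messages
sample_log | domain_hold_failures
```
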