Different functionality in R80.20 causes SecureXL to drop the packets as "Drop Out of State TCP Packets".
The following Kernel parameters were added to control SecureXL's behavior in this regard:
Note: In R80.20 Jumbo Hotfix Accumulator Take_48 and above, the sim_get_tcp_accept_out_of_state_vs will automatically be configured according to the setting in: SmartConsole -> Global Properties -> Stateful Inspection -> Drop Out of state TCP Packets.
Every time this setting is changed, the policy needs to be installed again on the Security Gateway. Then verify the value of the parameter 'sim_get_tcp_accept_out_of_state_vs' with:
# fw ctl set int sim_get_tcp_accept_out_of_state_vs <vsid> -a
# fw ctl get int sim_get_tcp_accept_out_of_state_vs -a
The parameter value should be: '1'. If the output is '0':
- Configure the Policy to not drop packets on out of state in:
SmartConsole > Global Properties > Stateful Inspection > Drop Out of state TCP Packets.
- Install Policy on the security Gateway