Different functionality in R80.20 causes SecureXL to drop the packets as "Drop Out of State TCP Packets".
The following Kernel parameters were added to control SecureXL's behavior in this regard:
Note: In R80.20 Jumbo Hotfix Accumulator Take_48 and above, the sim_tcp_accept_out_of_state will automatically be configured according to the setting in: SmartConsole -> Global Properties -> Stateful Inspection -> Drop Out of state TCP Packets.
Every time this setting is changed, the policy needs to be installed again on the Security Gateway. Then verify the value of the parameter 'sim_tcp_accept_out_of_state' with:
# fw ctl get int sim_tcp_accept_out_of_state -a
The parameter value should be: '1'. If the output is '0':
- Configure the Policy to not drop packets on out of state in:
SmartConsole > Global Properties > Stateful Inspection > Drop Out of state TCP Packets.
- Install Policy on the security Gateway