When SecureXL is enabled, no ARP is sent and traffic fails
Symptoms
  • The Security Gateway accepts the traffic, but no ARP request is sent. When a ping is sent from the same source, it triggers an ARP request and the traffic starts to flow.

  • Disabling SecureXL resolves the issue.

  • Kernel debug ('fw ctl debug -m fw + conn vm drop') together with SecureXL debug ('fwaccel dbg -m default + init offload del stat') show the following flow:
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_do: ========== New Packet ==========;
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_do: handling pkt ffff8101e62ef280 on eth2-01, conn , type/state VM/Lookup, ifnum 10, vsid 0, pkt_offset 0, protocol 2048;
    [DATE TIME];[cpu_1];[SIM-206334880];sim_db_get_any_conn: found conn , ci ffff8104367cf9b0;
    [DATE TIME];[cpu_1];[SIM-206334880];sim_db_get_any_conn: direction c2s;
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_ci: conn: Lookup;
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_ci: conn: QoS Inbound;
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_ci: QoS on interface 10 inbound. send packet to QoS. conn: dst_sxl_dev_id:0 sim_sxl_dev_id:0 pkt_type:VM;
    [DATE TIME];[cpu_1];[SIM-206334880];handle_packet_ci: sim_qos_handle_packet (inbound) returned !SIMPKT_IN_FORWARD_TO_OUTBOUND (action=8);
    [DATE TIME];[cpu_1];[SIM-206334880];sim_qos_handle_resume_info: send to resume_from_qos for packet ffff8101e62ef280 ifindex:10 ;
    [DATE TIME];[cpu_1];[SIM-206334880];resume_from_qos: ifindex:10, pkt:ffff8101e62ef280 packet_dev:ffff81047cd52000 state:QoS Inbound;
    [DATE TIME];[cpu_1];[SIM-206334880];resume_from_qos: This is inbound qos resume;
    [DATE TIME];[cpu_1];[SIM-206334880];resume_packet: resuming packet from Inbound QoS to state QoS Inbound
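
To check a saved debug capture for the flow shown above, the records can be grouped per packet and matched against that sequence of markers. This is an added example, not Check Point code: the grouping rule (a 'New Packet' banner opens a flow per CPU and SIM tag) and the names split_flows and find_matches are assumptions, and the sample lines are constructed from the output above.

```python
import re

# Record layout in the debug output above: [time];[cpu_N];[SIM-id];function: message;
RECORD = re.compile(r"^\s*\[[^\]]*\];\[(?P<cpu>cpu_\d+)\];\[(?P<sim>SIM-\d+)\];(?P<func>\w+): (?P<msg>.*?);?\s*$")
PKT = re.compile(r"handling pkt (?P<pkt>[0-9a-f]+) on (?P<ifname>[^,\s]+)")
SIGNATURE = [  # ordered (function, message fragment) markers copied from the article's flow
    ("handle_packet_do", "New Packet"), ("handle_packet_ci", "conn: QoS Inbound"),
    ("handle_packet_ci", "returned !SIMPKT_IN_FORWARD_TO_OUTBOUND"),
    ("resume_from_qos", "This is inbound qos resume"), ("resume_packet", "resuming packet from Inbound QoS"),
]

def split_flows(lines):
    """Group records per packet (assumption: a 'New Packet' banner opens a flow per cpu/SIM tag)."""
    open_flows, flows = {}, []
    for line in lines:
        m = RECORD.match(line)
        if m is None:
            continue  # not a SIM debug record
        key = (m["cpu"], m["sim"])
        if m["func"] == "handle_packet_do" and "New Packet" in m["msg"]:
            open_flows[key] = []
            flows.append(open_flows[key])
        if key in open_flows:
            open_flows[key].append((m["func"], m["msg"]))
    return flows

def find_matches(lines):
    """Return (packet pointer, interface) for each flow containing the markers in order."""
    hits = []
    for flow in split_flows(lines):
        it = iter(flow)  # shared iterator turns this into an ordered-subsequence test
        if all(any(f == func and frag in msg for f, msg in it) for func, frag in SIGNATURE):
            hdr = PKT.search(" ".join(msg for _, msg in flow))
            hits.append((hdr["pkt"], hdr["ifname"]) if hdr else (None, None))
    return hits

# Constructed sample: cpu_1 lines are taken from the article; cpu_2 is a constructed non-matching flow.
P, Q = "[DATE TIME];[cpu_1];[SIM-206334880];", "[DATE TIME];[cpu_2];[SIM-206334880];"
SAMPLE = [
    P + "handle_packet_do: ========== New Packet ==========;",
    Q + "handle_packet_do: ========== New Packet ==========;",
    P + "handle_packet_do: handling pkt ffff8101e62ef280 on eth2-01, conn , type/state VM/Lookup, ifnum 10, vsid 0, pkt_offset 0, protocol 2048;",
    Q + "handle_packet_ci: conn: Lookup;",
    P + "handle_packet_ci: conn: QoS Inbound;",
    P + "handle_packet_ci: sim_qos_handle_packet (inbound) returned !SIMPKT_IN_FORWARD_TO_OUTBOUND (action=8);",
    P + "resume_from_qos: This is inbound qos resume;",
    P + "resume_packet: resuming packet from Inbound QoS to state QoS Inbound",
]
print(find_matches(SAMPLE))
```

A match only says the capture contains the same packet path as this article; the symptoms listed above still have to be confirmed on the gateway.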

Cause

SecureXL tries to send a packet that is marked as unresolved without first resolving the destination through the neighbor lookup.
As a result, the packet is not sent correctly.

