Traffic over VPN tunnel does not pass for several seconds during policy installation on Security Gateway (which causes traffic loss)

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Symptoms

Traffic over VPN tunnel does not pass for several seconds during or after policy installation on Security Gateway (which causes traffic loss).
Kernel debug ('fw ctl debug -m fw + drop') shows:
... dropped by vpn_encrypt_chain Reason: encrypt drop;
Security Gateway with SAM card might enter a kernel panic (crash) in the following scenario:
1. traffic is currently passing over VPN tunnel (encrypted UDP load)
2. Security Gateway is rebooted
3. instead of rebooting, Security Gateway enters a kernel panic

Cause

VPN Link Selection is being reset during policy installation. This causes timeouts until VPN peers can be resolved again.
Note: In some cases, certain VPN peers can take longer to re-establish, which would result in similar losses up to several minutes after policy push. (ID 02338534)
SAM card might crash in certain scenario while processing VPN traffic (related to the above cause). (ID 02277594)

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE