The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
Traffic over VPN tunnel does not pass for several seconds during policy installation on Security Gateway (which causes traffic loss)
|
Technical Level
|
| Solution ID |
sk55244 |
| Technical Level |
|
| Product |
IPSec VPN |
| Version |
R75 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL), R80.10, R80.20, R80.30 |
| Platform / Model |
All |
| Date Created |
07-Oct-2010
|
| Last Modified |
19-Apr-2021
|
Symptoms
Traffic over VPN tunnel does not pass for several seconds during or after policy installation on Security Gateway (which causes traffic loss).
Kernel debug ('fw ctl debug -m fw + drop') shows:
... dropped by vpn_encrypt_chain Reason: encrypt drop;
Security Gateway with SAM card might enter a kernel panic (crash) in the following scenario:
- traffic is currently passing over VPN tunnel (encrypted UDP load)
- Security Gateway is rebooted
- instead of rebooting, Security Gateway enters a kernel panic
Cause
-
VPN Link Selection is being reset during policy installation. This causes timeouts until VPN peers can be resolved again.
Note: In some cases, certain VPN peers can take longer to re-establish, which would result in similar losses up to several minutes after policy push. (ID 02338534)
-
SAM card might crash in certain scenario while processing VPN traffic (related to the above cause). (ID 02277594)
Solution
|
Note: To view this solution you need to
Sign In
.
|
