The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Traffic over VPN tunnel does not pass for several seconds during policy installation on Security Gateway (which causes traffic loss)
|
Technical Level
|
Solution ID |
sk55244 |
Technical Level |
|
Product |
IPSec VPN |
Version |
R75 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL), R80.10 (EOL), R80.20, R80.30 |
Platform / Model |
All |
Date Created |
07-Oct-2010
|
Last Modified |
19-Apr-2021
|
Symptoms
Traffic over VPN tunnel does not pass for several seconds during or after policy installation on Security Gateway (which causes traffic loss).
Kernel debug ('fw ctl debug -m fw + drop
') shows:
... dropped by vpn_encrypt_chain Reason: encrypt drop;
Security Gateway with SAM card might enter a kernel panic (crash) in the following scenario:
- traffic is currently passing over VPN tunnel (encrypted UDP load)
- Security Gateway is rebooted
- instead of rebooting, Security Gateway enters a kernel panic
Cause
-
VPN Link Selection is being reset during policy installation. This causes timeouts until VPN peers can be resolved again.
Note: In some cases, certain VPN peers can take longer to re-establish, which would result in similar losses up to several minutes after policy push. (ID 02338534)
-
SAM card might crash in certain scenario while processing VPN traffic (related to the above cause). (ID 02277594)
Solution
|
Note: To view this solution you need to
Sign In
.
|