Support Center > Search Results > SecureKnowledge Details
Connections to *.google.com domain are silently dropped when HTTP/HTTPS proxy is enabled on Security Gateway
Symptoms
  • Connections to *.google.com domain are silently dropped when HTTP/HTTPS proxy is enabled on Security Gateway.

  • Connections to *.google.com domain pass correctly when HTTP/HTTPS proxy is disabled on Security Gateway.

  • Connections to any other google domain (such as 'google.il', 'google.ba', 'google.hr') pass correctly regardless of the HTTP/HTTPS proxy state.

  • Kernel debug shows (when these flags are enabled - 'fw ctl debug -m fw + cmi span' , 'fw ctl debug -m kiss + pm' , 'fw ctl debug -m WS all'):
    ;cmik_loader_fw_pm_match_cb: signature id N matches app id X - SPAN_PORT; 
    ......
    ;span_port_cmi_handler_match_cb: called.;
    ;get_psl_stream: called.; 
    ;span_port_cmi_handler_match_cb: Couldn't retrieve the MAC header;
    ;[ERROR]: cmik_loader_fw_pm_match_cb: match_cb for CMI APP X failed;
    ;kiss_pm_exec_call_on_match: user match callback returned KISS_ERROR;
    ;cmi_execute_ex: Failed to execute the pattern matcher!; 
    
Cause

Port mirroring is enabled on the Security Gateway (also known as monitor mode / span port / port mirroring).


Solution
Note: To view this solution you need to Sign In .