Checkpoint drop packet by IPS blade.

I just went through a problem where the Check Point IPS blade was dropping packets for non-compliant HTTP traffic on port 8100. When I tried to sort it out in SmartView Tracker, no drop was observed; the traffic was dropped without any SmartView Tracker logs. Then I tried to find it with zdebug and observed that it was dropped by “fwpslglue_chain Reason: PSL Reject: HTTP_DISPATCHER”. I tried Google and found sk111579. It carries the disclaimer “This workaround is provided at administrator’s own risk” and asks you to set the value of a kernel parameter on the Security Gateway.

fw ctl zdebug drop | grep 192.168.1.70
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 XX.XX.XX.XX:8100 -> 192.168.1.70:59386  dropped by fwpslglue_chain Reason: PSL Reject: HTTP_DISPATCHER; 
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 XX.XX.XX.XX:8100 -> 192.168.1.70:59386  dropped by fw_handle_first_packet Reason: Rulebase drop - rule 26; 

I just added the destination IP to an IPS exception because the destination is trusted for me, and it’s working.
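
As an added example (not from the original post or from Check Point): a small Python parser for saved `fw ctl zdebug drop` output in the format quoted above. It separates PSL rejects, which the post found left no SmartView Tracker log, from rulebase drops, and groups the rejects by host and port so an IPS exception can be scoped to that one service. The sample lines are constructed, 203.0.113.10 stands in for the masked address, and treating the lower port as the service side is an assumption.

```python
import re
from collections import Counter

# Line layout taken from the fw_log_drop_ex output quoted in the post.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)\s+"
    r"dropped by (?P<func>\S+) Reason: (?P<reason>.*?);\s*$"
)
RULE_RE = re.compile(r"Rulebase drop - rule (\d+)")

# Constructed sample in the post's format; 203.0.113.10 replaces the masked IP.
SAMPLE = """\
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 203.0.113.10:8100 -> 192.168.1.70:59386  dropped by fwpslglue_chain Reason: PSL Reject: HTTP_DISPATCHER;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 203.0.113.10:8100 -> 192.168.1.70:59386  dropped by fw_handle_first_packet Reason: Rulebase drop - rule 26;
;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 203.0.113.10:8100 -> 192.168.1.70:59401  dropped by fwpslglue_chain Reason: PSL Reject: HTTP_DISPATCHER;
some unrelated debug line
"""

def parse_drops(text):
    """Return one dict per fw_log_drop_ex line; other lines are skipped."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        rule = RULE_RE.fullmatch(d["reason"])
        if d["reason"].startswith("PSL Reject"):
            d["kind"] = "psl_reject"      # the drop type seen in the post
        elif rule:
            d["kind"], d["rule"] = "rulebase", int(rule.group(1))
        else:
            d["kind"] = "other"
        drops.append(d)
    return drops

def psl_rejects_by_service(drops):
    """Count PSL rejects per (service IP, service port, reason)."""
    counts = Counter()
    for d in (x for x in drops if x["kind"] == "psl_reject"):
        # Heuristic (assumption): the lower port is the service side of the flow.
        ends = [(d["src"], int(d["sport"])), (d["dst"], int(d["dport"]))]
        ip, port = min(ends, key=lambda e: e[1])
        counts[(ip, port, d["reason"])] += 1
    return counts

if __name__ == "__main__":
    for (ip, port, reason), n in psl_rejects_by_service(parse_drops(SAMPLE)).items():
        print(f"{n} x {reason} for service {ip}:{port}")
```
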


A R Amoodi

I’m Abdul Rahman Amoodi, by profession a Network and Security Administrator, by passion an author and the founder of Blogsol.org.

1 Comment

  1. Dear Abdul Rahman, It’s good to see a blog you are maintaining. Best wishes for the initiative. Let it be a good reference for the techies/admins who are searching for the rarest issues.
