I have a question regarding drops during the packet capture.
What is the packet drop means - Firewall dropping any packet or firewall detect drops packet.?
Once i performed the packet capture at the same time i have run the command global counter but i didn't get any drop in counter.
So could you please let me know what is the meaning of this.
The drop stage captures packets that the firewall discards
This could be through policy action, threat detection, or packet malformation
Thank you for your reply.
I have configured a VPN tunnel Site A and site B.My client is in site A and the server belongs from Site B.
- In the security policy allowed traffic any with specific IP addresses b/w client and server.
- Once i copied any big file from Server to client i am getting drops packet in a packet capture.
- I have checked the files are copied through NBSS and SMB2 protocol.
- When i checked the drops packet in Wireshark, i can see multiple packets TCP retransmissions from server-side and 2 packets also from server side with error: - Notify Response, Error: STATUS_NOTIFY_CLEANUP.
- My concern is why the firewall is drop packets.
Note: - Files are copied successfully but it takes a too long time.
Global counters should help with this
It sounds like there may be packets sent out of order or out of window that the firewall is discarding
@reaperThanks you for your quick response.
While packet capture I have run the global counter but I didn't get any drops.
What steps i need to do for fix this issue. is this a firewall issue?
@Jafar_Hussainwhich counters did you see?
It sounds like a network issue you may be able to workaround by relaxing the firewalls tolerance if you are unable to address the network latency
I have seen show counter global filter packet-filter yes delta yes.
but didn't get any drops.
I am not getting this point workaround by relaxing the firewalls tolerance could you please brief.
@Jafar_Hussain there are several settings that can be set to be less strict (timers, out of window/order packets,...) So network problems are allowed to happen rather than prevented. We'll need to find the global counters you do see to properly advise what to try. Please share the global counters seen
Below is the result of counter command:-
I want to know only is there any issue with the firewall setting? because i have allowed all traffic b/w client and server.
or the traffic is going via a tunnel it may be cause this issue?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!