Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

6.5.4.11 - Some Packets dropped for allowed Traffic

BWCBWC Cybersecurity Overlord ✭✭✭
in Mid Range Firewalls

NSa 2650 - SonicOS 6.5.4.11

Hi,

I'am currently facing the issue, that some (usually 1 Message) of the syslog traffic I'am receiving from WAN is dropped with:

DROPPED, Drop Code: 726(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2251_rqnke{Ejgem) 2:2)

The odd thing is, that the Source IP of the sending Syslog Server is explicitly allowed in the Access Rule and it seems to happen when 3-5 Syslog Messages arriving in the same second. Only one Syslog Message out of this Bundle gets dropped, the other ones are going through.

This makes no sense to me, no further messages in the Event Log.

Did anyone experienced something similar and came up with a solution for it?

It's not that funny to lose Syslog Messages, Monitoring is there for a reason 😪

--Michael@BWC

Category: Mid Range Firewalls
Reply

Answers

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    I don't know what drop code UDP flood protection uses, but that might be worth checking.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Arkwright there will be a Log entry for Flood Protection, but it wasn't reported. Hopefully the 5 Messages per Second (probably around 10 Packets) will not hit the 20K limit which is configured at the moment :)

    I believe UDP Flood Protection has a seperate Drop Code, #171 or something.

    --Michael@BWC

Sign In or Register to comment.