Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Drop Code: 726

AjishlalAjishlal Community Legend ✭✭✭✭✭

Hi all,

Any idea about the below drop code due to what?

DROPPED, Drop Code: 726(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2251_rqnke{Ejgem) 2:17)

Category: High End Firewalls
Reply
Tagged:

Answers

  • MustafaAMustafaA SonicWall Employee

    This is a typically (80-20 principle) due to Access Rule. That's the first thing I would check.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Ajishlal which Firmware, I had similar drops before 6.5.4.12. Allowed traffic per Rule was blocked for no reason because of a Firmware bug. I guess you already checked that the dropped traffic should be allowed by a proper rule.

    I'am not sure if routing to DropTunnelIf is causing the same Drop Code.

    --Michael@BWC

  • AjishlalAjishlal Community Legend ✭✭✭✭✭
    edited July 2023

    @MustafaA

    Its not about the ACL.

    I will explain the scenario;

    Published one internal service and its accessible from all location except 1.

    Previously the same issue happen at that time configured the source WAN interface (from where we published the Service) with "Enable Asymmetric Route Support" and helped me to resolve the issue.

    Now I am getting new drop code with below message:

    Nb: Packet capture done from the server hosted location

    Ethernet Header

     Ether Type: IP(0x800), Src=[**************], Dst=[***************]

    IP Packet Header

     IP Type: TCP(0x6), Src=[*****************], Dst=[*****************]

    TCP Packet Header

     TCP Flags = [SYN,], Src=[41234], Dst=[443], Checksum=0x21a

    Application Header

     HTTPS

    Value:[1]

    DROPPED, Drop Code: 726(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2251_rqnke{Ejgem) 2:17)

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    The current Firmware is SonicOS Enhanced 6.5.4.10-95n & its in production environment.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Ajishlal this was definitely a release which haunted me with drops for no reason. A reboot resolved the situation.

    Both possible solutions are disruptive and a pain for production environments.

    --Michael@BWC

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @BWC

    Fyi, Published one internal service and its accessible from all location except 1.

    When ever I am trying from that location I am getting the above drop code. Its really weird and confusing me.

    This published service and don't have any rule for location based / IP based.

Sign In or Register to comment.