Having an issue with traffic going through sonicwall DROPPED, Drop Code: 712

Having some problems with any service apart from ping getting from DMZ to LAN on an NSA 6600.


DROPPED, Drop Code: 712(Packet dropped - cache add cleanup drop the pkt), Module Id: 25(network), (Ref.Id: _2328_ecejgCffEngcpwr) 20:20)


I have followed the Try to disable "Enable TCP sequence number randomization"


Really annoying. I can ping said machine so the routing is working fine. I put an any statement between the two machines, but just get the above error

Category: High End Firewalls

Best Answers

  • CORRECT ANSWER
    Saravanan Moderator
    Answer ✓

    Hi @AEMBERSON,

    Thank you for visiting SonicWall Community.

    I would request you to furnish the complete packet details of the dropped packet. Most of the time, this drop code is for RST packets, which is expected.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • CORRECT ANSWER
    aemberson Newbie ✭
    Answer ✓

    After chatting to SonicWall support they found there was a static route on my core which was causing asymmetric routing. The pings were only going one way. Great support from them.

Answers

  • TKWITS Community Legend ✭✭✭✭✭

    See the page link above.

    From my experience the Cache Add Cleanup drop generally doesn't negatively affect traffic. It is simply cleaning up traffic that has been closed by TCP/IP.

    If you have an issue passing traffic successfully then that is different and we'd need more information about your configuration and topology.

  • aemberson Newbie ✭
    edited January 2021

    Thanks. We are implementing Always On VPN. We have the web server on a DMZ coming off the SonicWall and the issuing CA on the LAN. Traffic does pass back and forth from the LAN to the DMZ fine, as I managed to open the correct ports for Sophos to install and update (Sophos server in LAN), but I can't get the web page hosted in the DMZ to work. I can ping the server so routing seems fine and the web page opens locally on the server.

    The DMZ server's DG is the DMZ interface of the SonicWall and DNS is working fine as well.


    Here is the full packet monitor error

    Ethernet Header

     Ether Type: IP(0x800), Src=[00:50:56:9f:14:bd], Dst=[c0:ea:e4:f8:63:50]

    IP Packet Header

     IP Type: TCP(0x6), Src=[192.168.100.11], Dst=[172.16.11.26]

    TCP Packet Header

     TCP Flags = [SYN,ACK,], Src=[80], Dst=[60369], Checksum=0xbe4

    Application Header

     HTTP

    Value:[1]

    DROPPED, Drop Code: 712(Packet dropped - cache add cleanup drop the pkt), Module Id: 25(network), (Ref.Id: _2328_ecejgCffEngcpwr) 7:7)

  • Hi @aemberson,

    Thanks for the details.

    The packet flow is not proper via the SonicWall. This type of drop reason is thrown by the SonicWall only when the connection is already terminated between the source and destination but further traffic still flows on the terminated connection. The firewall drops this kind of traffic, as that is its property.

    We may need to diagnose this in real-time. Could you please approach our support team and seek help on this?


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • This was EXACTLY my problem! I had to go into my router and set up an additional route for the destination to go out the same path the original traffic was going. THANK YOU!!!!!!!!!
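
An added example, not part of any post in this thread and not SonicWall code: a small Python triage script for packet-monitor text in the layout pasted above. The sample records are constructed (the RST record and its flag spelling are assumptions), and the classification labels are a heuristic drawn from the replies here, not vendor-documented semantics.

```python
import re

# Constructed sample in the layout pasted in the thread. The first record reuses the
# thread's addresses; the second (RST) record is an assumption added for contrast.
SAMPLE = """\
IP Packet Header
 IP Type: TCP(0x6), Src=[192.168.100.11], Dst=[172.16.11.26]
TCP Packet Header
 TCP Flags = [SYN,ACK,], Src=[80], Dst=[60369], Checksum=0xbe4
DROPPED, Drop Code: 712(Packet dropped - cache add cleanup drop the pkt), Module Id: 25(network)
IP Packet Header
 IP Type: TCP(0x6), Src=[192.168.100.11], Dst=[172.16.11.26]
TCP Packet Header
 TCP Flags = [RST,], Src=[80], Dst=[60370], Checksum=0x1a2b
DROPPED, Drop Code: 712(Packet dropped - cache add cleanup drop the pkt), Module Id: 25(network)
"""

IP_RE = re.compile(r"IP Type: \w+\(0x[0-9a-f]+\), Src=\[([\d.]+)\], Dst=\[([\d.]+)\]")
TCP_RE = re.compile(r"TCP Flags = \[([A-Z,]*)\], Src=\[(\d+)\], Dst=\[(\d+)\]")
DROP_RE = re.compile(r"DROPPED, Drop Code: (\d+)")

def parse_drops(text):
    """Yield one dict per DROPPED record found in packet-monitor text."""
    cur = {}
    for line in text.splitlines():
        line = line.strip()
        if m := IP_RE.search(line):
            cur = {"src": m[1], "dst": m[2]}
        elif m := TCP_RE.search(line):
            cur["flags"] = frozenset(f for f in m[1].split(",") if f)
            cur["sport"], cur["dport"] = int(m[2]), int(m[3])
        elif m := DROP_RE.search(line):
            cur["code"] = int(m[1])
            yield cur
            cur = {}

def classify(rec):
    """Triage a drop record (heuristic from this thread, not vendor documentation)."""
    if rec.get("code") != 712 or "flags" not in rec:
        return "other"
    if "RST" in rec["flags"]:
        return "expected-teardown"
    if rec["flags"] == {"SYN", "ACK"}:
        # A handshake reply with no connection entry: the SYN may have taken another path.
        return "check-asymmetric-routing"
    return "stale-connection"

if __name__ == "__main__":
    for r in parse_drops(SAMPLE):
        print(f'{r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} {classify(r)}')
```

A record labelled `check-asymmetric-routing` is a prompt to compare the forward and return routes between the two hosts, as in the accepted answer, rather than proof of the cause.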
