Firewall 将数据包与计数器"flow_fpga_rcv_igr_L4CHKSUMERR"一起丢弃

Firewall 将数据包与计数器"flow_fpga_rcv_igr_L4CHKSUMERR"一起丢弃

44310
Created On 04/28/19 08:51 AM - Last Modified 11/21/23 21:26 PM


Symptom


Firewall 当网络处理器 FPGA ()无法验证数据包的L4检查时,将数据包丢弃"flow_fpga_rcv_igr_L4CHKSUMERR"。 下面的一组计数器可以在以下的全球柜台上看到 firewall :
 
flow_fpga_rcv_igr_PROTO                    3        0 info      flow      offload   FPGA IGR Exception: PROTO
flow_fpga_rcv_igr_L4CHKSUMERR              3        0 info      flow      offload   FPGA IGR Exception: L4CHKSUMERR
flow_fpga_ingress_exception_err            3        0 drop      flow      offload   Packets dropped: receive ingress exception error from offload processor

Environment


PA-3200 和 PA-5200 系列防火墙

Cause


当数据包损坏且未通过支票验证时,就会看到"flow_fpga_rcv_igr_L4CHKSUMERR"。

Resolution


firewall由于默认启用了严格的 L4 检查验证,预计该数据包将丢弃此类数据包。

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLpNCAW&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language