I was working on a FG90D for a customer a while back and had just finished configuring some extra routes, but no traffic was passing through the device.
id=36870 pri=emergency trace_id=8 msg="iprope_in_check() check failed, drop"
This usually means a packets arrived where no forwarding or return routes exist, so the firewall drops it.
Knowing this I double (and triple!) checked the routes and routing table, and confirmed that everything was correct.
So having confirmed it's configured correctly, the could only assume that the routing table hasn't been refreshed when I added the new routes. This is something that's done automatically on the firewall when a change is made to the routing table (ex: a route has been added/deleted, interface up/down etc) but for some reason wasn't happening.
Using the below command I flushed the routing table and forced it to refresh:
diagnose firewall iprope flush
After that, the traffic is now routing correctly! :)
id=36870 pri=emergency trace_id=8 msg="iprope_in_check() check failed, drop"
This usually means a packets arrived where no forwarding or return routes exist, so the firewall drops it.
Knowing this I double (and triple!) checked the routes and routing table, and confirmed that everything was correct.
So having confirmed it's configured correctly, the could only assume that the routing table hasn't been refreshed when I added the new routes. This is something that's done automatically on the firewall when a change is made to the routing table (ex: a route has been added/deleted, interface up/down etc) but for some reason wasn't happening.
Using the below command I flushed the routing table and forced it to refresh:
diagnose firewall iprope flush
After that, the traffic is now routing correctly! :)
11 comments:
Thanks, It helped me with the same problem.
Thank you.. Its works me too.. :)
Thanks, that helped me a lot. Even with a reboot it did not work. But with this command it works.
Thanks a lot !
Perfect cure for my headache.
WOW you Saved Me from jumping out of the window
It's still valid. Cheers
perfect, many thanks
yeap! Very helpfull, thanks
many thanks
Thanks my dude
Post a Comment