
hosts traffic dropped sometimes

Hi All

Kindly guide me how I can troubleshoot the issue given below:

We have a pair of sensors, primary and secondary, that are currently working in inline mode. Both of these sensors are connected to firewalls that are also primary and secondary. Now there are two multiple interfaces connected between firewall and sensors. We have two interfaces that are firewall and firewall dmz connected. Now the problem is that there is a WAF server that is behind the firewall and sensors, and when other hosts try to connect to it the traffic is dropped, but only sometimes. We have no firewall policy or rule that would block the traffic. Also, there is no quarantined host. Please help me with how I can troubleshoot this issue. Also, if there is any command to run, let me know and I will share the output with you.

4 Replies
fkazi04
McAfee Employee

Re: hosts traffic dropped sometimes

Hello @User27622125 

To isolate Sensor software as an issue, move the Sensor inspecting traffic into Layer2 bypass mode. If the issue persists, then the fault might be somewhere else.

But if the issue is addressed, kindly collect the output as per the KB below:

https://kc.mcafee.com/corporate/index?page=content&id=KB70861

With the necessary output, kindly reach out to the support team for further assistance.

Regards,
Faizan


Re: hosts traffic dropped sometimes

Hi Faizan

Thanks for your reply. Please note that I have noticed that when I run the command show inlinepacketdrop all on the sensor CLI, I get a bigger count against L7DDoS packets drop; however, on other sensors there is no such big count. Also, please check the attached file output.

fkazi04
McAfee Employee

Re: hosts traffic dropped sometimes

Hello @User27622125 

The counters accumulate from the device's last reboot unless they are manually cleared. At the time of the issue, you may run the packet drop command for the interface and check which counters are increasing.

For Layer7ddos, you can disable it from Inspection Option Policy.

Regards,
Faizan
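
One way to apply the advice in the reply above, as an added example that is not part of the original thread or the vendor's tooling: save the counter output twice while the drops are happening and compare the captures, since the absolute values only reflect everything since the last reboot or clear. The `name : value` line layout, the function names and the sample values are assumptions; adjust the pattern to the sensor's actual output.

```python
import re

# Assumed layout: one counter per line, "name : integer" (or "name = integer").
COUNTER_LINE = re.compile(r"^\s*(.+?)\s*[:=]\s*(\d+)\s*$")

def parse_counters(text):
    """Return {counter name: value} for every line matching the assumed layout."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_LINE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters

def counter_deltas(before_text, after_text):
    """Compare two captures and return (increased, reset).

    increased: {name: growth} for counters that rose between the captures.
    reset: names whose value went down, which means the sensor rebooted or the
           counters were cleared in between, so that pair is not comparable.
    """
    before = parse_counters(before_text)
    after = parse_counters(after_text)
    increased, reset = {}, []
    for name, value in after.items():
        prev = before.get(name, 0)
        if value < prev:
            reset.append(name)
        elif value > prev:
            increased[name] = value - prev
    return increased, sorted(reset)

# Constructed sample captures (not real sensor output). Only the L7DDoS name
# comes from the thread; the other counter names are placeholders.
BEFORE = """\
L7DDoS packets drop : 120400
Placeholder counter A : 15
Placeholder counter B : 900
"""
AFTER = """\
L7DDoS packets drop : 121950
Placeholder counter A : 15
Placeholder counter B : 0
"""

if __name__ == "__main__":
    increased, reset = counter_deltas(BEFORE, AFTER)
    for name, growth in sorted(increased.items(), key=lambda kv: -kv[1]):
        print(f"+{growth:>8}  {name}")
    for name in reset:
        print(f"   reset  {name} (cleared or rebooted between captures)")
```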


Re: hosts traffic dropped sometimes

Hi Faizan

We investigated with the support team and found that the L7DDOS counter was increasing and the communication was on ports 80 and 443. There was a timeout at the client end, and when we disabled scanning of ports 80 and 443 the issue was resolved. I want to know why the timeout occurred. Are there any attacks generated by endpoints? What is the impact on performance if we enable the L7DDoS option in the inspection policy? What is the purpose of L7DDoS in NSM?
