Interface state unknown using fw monitor

[stefanjuon@yahoo.com]

Why is the interface eth6.98, which should be choosen as outgoing interface
for traffic from 192.168.158.180 to 192.168.140.230, printed out as
unknown? Is there any configuration missing? Note: eth6.98 is the one
and only vlan on eth6.

[Expert@fw]# fw monitor -e 'accept dst=192.168.140.230;'
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
eth0:i[75]: 192.168.158.180 -> 192.168.140.230 (UDP) len=75 id=27675
UDP: 4760 -> 161
UNKNOWN:o[75]: 192.168.158.180 -> 192.168.140.230 (UDP) len=75 id=27675
UDP: 4760 -> 161

cphaprob -a if:
...
eth6 DOWN (89.7 secs)non sync(non secured), multicast (eth6.98 )
...

So eth6 seems to be somehow not properly working, even it is recognized by cphaprod.

Version: NGX R60 on Secure Platform, Cluster XL

Cheers, Stefan

[Tan Da Boss]

Hi Stephan,

one of my customers has a similar issue.
he is using Nortel Contivity for specific users and this VPN tunnel passes through his Check Point Site to Site VPN (so VPN inside VPN). No VLAN define on the interfaces.
This architecture was working with NG AI R55 and since the R62 migration, he has had this issue.
In the fwmonitor, we can see unknown interface on the outgoing interface.
We are still troubleshooting this issue without any clue. Maybe CP'TAC will find something.
As a workaround we use a GRE tunnel to replace the Site to Site VPN.

Has anybody encountered this issue also?

Thx

Tan