Browsing delay and jamming

[Dazar]

Hello,
I've NGX R61 that working in load sharing, unicast mode.
i getting a lot of complains about surfing on the net. i search the logs and find this:

Type: Log
Action: Drop
Protocol: tcp
Service: 59382
Source: 209.191.106.109
Destination: *.*.*.*
Source Port: http (80)

----------------

this is just one of many logs that shows blocking a legitimate web site (in this example it's block YAHOO).
anyone have a idea, why i have thousands of requests from web site back to my FW in source port http ?

there is no problem that i can see on the policy, and the anti spoofing is ok.

Thanks,
David
Edit/Delete Message

[swolsten]

The source port is HTTP becuase it is a reply packet to a HTTP request.

It looks like a state sync issue, you are sending the HTTP request out of one firewall then the reply is hitting the other and dropping the connection becuase it is not in its state table.

Run on both firewalls

fw tab -t connections -s

and you should see the connection numbers roughly the same.

Also check "cphaprob stat" and the time is the same on both boxes.

HTH

[Dazar]

I've already tried to shutdown one machine, and working with the other module,
the drops are continuing to appear.

Thanks,
David