Traffic blocked for no reason

Question

Hi Guys 
 i am seeing A LOT of event in my log viewer about "TCP timestamp is missing" 
 this is coming from my internal LAN and going to the internal LAN (VLAN to VLAN) 
 
 the firewall rule that is refrenced in the log viewer point to rule 11 
 in rule 11 i have absolutely nothing configured that might block the traffic. 
 no IPS, no web filter...nothing:

this rule is set to allow all internal traffic from all vlans to all vlans. 
 so...what is blocking this traffic i see in the log viewer??? 
 
 thanks guys!

rfcat_vk · Answer

Hi, 
 I suspect you have taken to generalisation to the vlan to vlan rule. You need a rule for each VLAN to reach all other VLANs. So basically you need a rule for each VLAN if you wan the XG to route the traffic. Alternatively you route the traffic within the switch providing the VLANs and leave the XG to manage internet access. 
 Ian

Aditya Patel · Answer

Hello Avi, 
 It does seem IPS have pre-processed your traffic. Could you please change the settings according to this KBA ? As it does seem you are affected by it.

Aditya Patel · Answer

Hi Avi, 
 IPS would still work, all you would need is to apply IPS policy on the firewall rule where the traffic transverses through and manage the signatures if they cause some traffic to drop. Pre-processing at the moment is not configurable.