Local ACL/Invalid Traffic

Question

Hey all, 
 Has anyone discovered a way to determine what, specifically, the firewall is talking about when it denies traffic based on a "Local ACL" or "Invalid Traffic?" 
 I'm struggling getting a CIFS client to communicate (getting host down messages) when all other devices on the network are using this share just fine. (It worked before I switched to this firewall as well, so I know it's something in here) I'm having trouble locating the reason why it'd be dropping this traffic. 
 
 Thanks for any assistance you can provide!

:)

StefanZimmer · Answer

In my case the reason for https being blocked was the Masquerading switch. If that was turned on in a security rule all traffic running via that rule dropped https.

AmitSharma · Answer

Local ACL/ Invalid traffic suggests that either a correct firewall rule is not created in the rule engine for that traffic or it does not meet the requested/expected TCP states or RFC specifications, case of an asymmetric routing etc. To pull out a proper log: 1. Access CLI of the firewall and select Option 4- Device Console 2. Execute the following command " console> drop-packet-capture "host x.x.x.x or host y.y.y.y" A host can be a source or destination to filter dropped traffic for a particular connection. Normal gates are supported for each of the syntax such as AND/OR/NOT 3. For a broadcast drop, you will get logs as follows: 2015-12-22 03:27:06 0103021 IP 172.16.16.17.137 > 172.16.16.255.137 : proto UDP: packet len: 58 checksum : 17827 0x0000: 4500 004e 4958 0000 8011 7816 ac10 1011 E..NIX....x..... 0x0010: ac10 10ff 0089 0089 003a 45a3 fe25 0110 .........:E..%.. 0x0020: 0001 0000 0000 0000 2046 4846 4145 4245 .........FHFAEBE 0x0030: 4543 4143 4143 4143 4143 4143 4143 4143 ECACACACACACACAC 0x0040: 4143 4143 4143 4141 4100 0020 0001 ACACACAAA..... Date=2015-12-22 Time=03:27:06 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortA out_dev= inzone_id=1 outzone_id=4 source_mac=3c:97:0e:53:7b:e0 dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=172.16.16.17 dest_ip=172.16.16.255 l4_protocol=UDP source_port=137 dest_port=137 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=3736931136 status=0 state=256 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A Hope this helps.