This article explains the issue caused by migration to CFS 4.0 in SonicOS 18.104.22.168 and 22.214.171.124-25n. This issue has been reported on Factory Defaulted firewalls as well as previous settings imported firewalls. The resulting behavior is
- The pages get blocked. There is no CFS block page, instead there is a "Request Timeout" error on the browser
- Packets are dropped on the firewall, either as "Enforced Firewall Rule" or "Policy Drop"
After further investigation it was found that
- Some of the requests are getting reset
- In some cases the TCP fragments are lost
Excluding the device from CFS is a possible workaround for this issue.
This issue has been reported and is being investigated in DTS 178816. Please provide
- TSR from the firewall
- Settings file
- packet captures in html and pcap before and after adding the device IP in CFS Exclusion
- Screenshot of the error message
A hotfix is available for this issue. Please contact Technical Support, with the above data so the hotfix can be provided once it has been confirmed that the issue is the same.