KB44479 - Pulse Connect Secure (PCS) - "Nfqueue is full and dropping packets. (kernel) critical." event is seen on PCS 9.1R5 along with noticeable impact on system resources.

Printable View

« Go Back

Information

Last Modified Date	5/20/2020 3:21 PM

Synopsis

This article describes an issue where "Nfqueue is full and dropping packets. (kernel) critical." event is seen on PCS 9.1R5 along with a noticeable impact on the system resources.

Problem or Goal

NFQUEUE is a kernel and user mode module for managing network packets in iptables.

The following event is seen along with a noticeable impact on system resources especially on PCS 9.1R5 and in some rare cases may show up on any PCS version from 9.0R1 onwards as well.

2020-05-12 01:31:40 - PSA7000 - [127.0.0.1] System()[] - Nfqueue is full and dropping packets. (kernel).

This issue is known to occur on PCS versions that support FQDN ACLs irrespective of it being configured or not.

This feature to configure "FQDN Resources" under Users -> Resource Policies -> VPN Tunneling Access Control, was introduced in PCS 9.0R1.

Cause

The issue is most prevalent in PCS 9.1R5 as the Maximum supported FQDN Length was not as per RFC.

Solution

Customers who are on PCS 9.1R5 and impacted are strongly advised to upgrade to PCS 9.1R6 which is now available for download via https://my.pulsesecure.net/

For the other impacted PCS versions, Pulse Secure is working on a solution and will keep this KB updated as and when we make progress.

Related Articles

KB44479 - Pulse Connect Secure (PCS) - "Nfqueue is full and dropping packets. (kernel) critical." event is seen on PCS 9.1R5 along with noticeable impact on system resources.

Information

Feedback

Was this article helpful?