1. Ping the firewall. The result indicates that a lot of packets are lost. Ping the switch. No packet loss is detected.
2. Check for packet loss on the firewall. No packet loss occurs on the firewall.
3. Check the configured policies. No problem is found. Delete all policies. A lot of packets are still lost. Therefore, this problem is hardly relevant to policies.
4. Check whether the packets are lost between the firewall and the switch. Log in to the C3500, and finds that the state of the C3500 interface connecting to the firewall changes between up and down repeatedly.
5. The C3500 is old and of an early version. The problem may be caused by interface negotiation.
6. Adjust the negotiation modes of the two interfaces. The negotiation succeeds, only when the C3500 interface is in mandatory Gigabit full duplex mode and the USG5000 interface is in adaptive mode.
1. The firewall discards packets.
2. The policy configuration is improper.