topic Re: VSX routes on vs R80.20 static routes in manager but not in the gateways in Firewall and Security Management

VSX routes on vs R80.20 static routes in manager but not in the gateways

Antonio — Sun, 05 May 2019 12:13:36 GMT

Hi people.

I have 2 VS in a VSX CLuster.

The firstone (VS) works ok, and when I run the #vsx_util view_vs_conf I can see the statics routes was i configured, on the report, and applied in the gateways, the report represent the status vith a "V" in every vsx gateway box.

+----------------------------------------------------------+-----+-------------+
|Ipv4 Routes |Mgmt |VSX GW(s) |
+--------------------------+--------------------+----------+-----+------+------+
|Destination / Mask Length |Gateway |Interface | |nvsxgw|nvsxgw|
+--------------------------+--------------------+----------+-----+------+------+
|10.0.110.0/29 | |eth3 | V | V | V |
|10.0.160.0/29 | |eth5 | V | V | V |
|192.168.2.0/26 | |wrp128 | V | V | V |
|10.100.48.27/32 |10.0.110.1 | | V | V | V |
|0.0.0.0/0 |192.168.2.1 | | V | V | V |
+--------------------------+--------------------+----------+-----+------+------+

BUt in the secondone, when I run the same report from the Manager, the boxes say me with a "-" the static routes are not present in the gateways.

Routing table:

+----------------------------------------------------------+-----+-------------+
|Ipv4 Routes |Mgmt |VSX GW(s) |
+--------------------------+--------------------+----------+-----+------+------+
|Destination / Mask Length |Gateway |Interface | |nvsxgw|nvsxgw|
+--------------------------+--------------------+----------+-----+------+------+
|10.0.16.64/26 | |eth4 | V | V | V |
|192.168.2.0/26 | |wrp192 | V | V | V |
|10.100.48.27/32 |10.0.16.65 | | V | - | - |
|0.0.0.0/0 |192.168.2.1 | | V | V | V |
+--------------------------+--------------------+----------+-----+------+------+

Routing Table Legend:

V - Route exists on the gateway and matches management information (if defined on the management).
- - Route does not exist on the gateway.

The bahavior is that i have comunication with the first VS, but not to the second, the lastone canot be release it have a configured route with the SmartConsole, on the topology pane. And canot deliver responses to the packets from the internal network.

Trying to TS, I was delete the VS, and create again, shutdown the gateways, delete and restore the static routes needed, without expected results.

someone have any idea what can i do?

thanks a lot for your help.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

PhoneBoy — Tue, 07 May 2019 14:37:42 GMT

Recommend opening a TAC case so we can investigate as it sounds like configuration is not being pushed properly.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Maarten_Sjouw — Tue, 07 May 2019 18:02:30 GMT

If that network is on a vlan, I would double check that the VLAN is really available on that second unit, it sounds like the network is not properly connected.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Vladimir — Tue, 07 May 2019 18:43:44 GMT

Static routes are present but not active until interface behind which the next hop is defined connected.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Antonio — Tue, 07 May 2019 18:49:39 GMT

Hi, I have visibility on the switch where the IP appliance is connected, the 10G interface is up and running. Let me know if you refer to a status on the checkpoint appliance 5800, when I do the Show interfaces all, Ifconfig, or fw getifs, the interfaces looks up and running.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Maarten_Sjouw — Tue, 07 May 2019 21:08:21 GMT

Do you have VLAN's on that 10Gb interface?
I'm not really talking about the physical interface, the logical interface is more important in this case, I'm sure you checked that the physical interfcae is up and running, how about the VLAN, is it allowed on the switches' trunk interfaces, is the VLAN created on the switch, is the VLAN available in any uplink etc etc.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Antonio — Tue, 07 May 2019 21:32:36 GMT

HI all,

On first time after your responses, I try updating the Manager to R80.20M2 but the behavior remains.

Viewing the configuration on GAIA, (firt seting vsx off to gain acces to the web access), I say two interfaces vlans, that I don't need on my architecture, and forget to delete in the past. When I delete de two vlans, the routes appears replicated on the gateways, seeing the report with the vsx_util, and finally we can reach the internal interface of the virtual system.

Thanks to all for your suggestions.

Re: VSX routes on vs R80.20 static routes in manager but not in the gateways

Antonio — Tue, 07 May 2019 21:35:00 GMT

really, the 10GB interfaces are configured to physically dedicated attend the traffic, without vlan tag, the switchport is in access mode.