topic Re: 1470 cluster bad ping results to lan interfaces in Spark Firewall (SMB)

1470 cluster bad ping results to lan interfaces

Jeroen_Demets — Mon, 15 Jun 2020 07:44:37 GMT

Hi,

I'm using the latest r77.20.87 (990173004) build and created a locally managed 1470 cluster. I noticed that pinging the lan vip, lan ip of node 1 and of node 2 is quite bad.

Often pings just fail but the webinterface works and traffic seems to flow normally towards internet.

The lan interfaces are in their own subnet with a routing switch. Connected to the routing switch are internal networks. I've created a vpn with another site and from that site I can ping without any loss towards the internal networks. But pinging to the firewall lan interfaces and vip, just fails quite a lot.

Is that a known issue?

Jeroen

Re: 1470 cluster bad ping results to lan interfaces

Tobias_Moritz — Mon, 15 Jun 2020 14:29:31 GMT

R77.20 is very old but regarding your question:

I think you just hit this old limitation:

sk26874

So enabling fw_allow_simultaneous_ping (set it to 1) should help you solve this problem.

Re: 1470 cluster bad ping results to lan interfaces

Jeroen_Demets — Tue, 16 Jun 2020 08:34:41 GMT

Thanks a lot!

That fixed it and stopped us from worrying something is wrong.

We are actually using this setup with a transit network to a SD WAN setup and were also pinging through that. This means not through the default LAN.

I also used this sk42733 about "Connection from one side of the ClusterXL destined to the physical IP address of a non-Active cluster member on the other side of the ClusterXL fails"

with fwha_forw_packet_to_not_active and with fw_allow_simultaneous_ping active it now works perfectly and monitoring is happy 🙂

(and yes: R77.20 is old but that's the issue with SMB devices, they lag in features and version compared to big Gaia. I wish CP would use one OS everywhere just like most competitors do...)

I hope my reply helps others too.

Re: 1470 cluster bad ping results to lan interfaces

Chris_Atkinson — Tue, 16 Jun 2020 11:01:57 GMT

There is also a default limit on the max ping size that will be accepted, this can also be changed.

Note the 1470 will never see R80.20.XX unfortunately. If this is a requirement migration to 1500 will need to be considered in future.

Re: 1470 cluster bad ping results to lan interfaces

Jeroen_Demets — Tue, 16 Jun 2020 11:29:49 GMT

Tnx for the info about the ping size, good to know.

About the 1500 series, they are still gaia embedded though...so different way of troubleshooting and with their own series of bugs

but yes, we'll use them for future sites and if possible, centrally managed, as the SmartConsole and central logging is so much better than the webui.

Re: 1470 cluster bad ping results to lan interfaces

PhoneBoy — Fri, 19 Jun 2020 01:39:30 GMT

Still Gaia Embedded.