Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Participant

AWS LB sandwich does not come up healthy in some cases

we have an AWS ingress gateway auto scale group deployed. We have all routing setup between accounts using tgw.

 

However, and this is random, some of our External load balancers with targets as gateways do not come up healthy. this is completely random but once comes up as unhealthy it never turns healthy for that particular lb. 

 

i am able to curl from the gateway to the internal LB and the internal LB is healthy and can be hit directly and shows the webpage.

 

Setup:

External lb:

Listen port 443

Target port: 9500 (doesnt come up healthy but autoprov and provisioned the rules)

 

Internal LB:

Listen port 443

Target port 443

TAG-: x-chkp-forwarding-  https-9500-443

 

any idea what could be happening here? we are not doing https inspection, just passing from https traffic.

 

thanks

Rohan

 

4 Replies
Admin
Admin

Can you see traffic coming from the external load balanced at all?
Maybe they need to be killed and restarted?

Hi Rohan,

Try the below setting on the Target groups of Firewall- Health Checks:

Protocol: HTTPS

Path: /

Port: traffic port

Healthy Threshold:2

UnHealthy Threshold:2

Timeout: 4

Internal:10

Success Codes: 200-499

This should give Firewall health check fine.

 

Regards, Prabu

0 Kudos
Reply
Participant

So this was a bug we faced in r80.20. the only way to solve was turn off fwaccel on r80.20 IAAS. 

0 Kudos
Reply

Not tested in R80.20.

But for my customer in R80.30 have "fwaccel on" and that setting on Health Check did work.

 

Regards, Prabu

0 Kudos
Reply