This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
zsh
Iron
‎2018-02-16 01:52 AM

SecureXL is messed up in AWS when R77.30 JHFA is installed

Good day,

Heads up for all of you that are installing new vSEC instances in AWS with Jumbo take 216, 282 or 292

This is only true for the new AMI R77.30-041.168. Previous version of the AMI works fine with JHFA.

 

JHFA will install "just fine", but you will notice that traffic is not passing the gateway. 

fwaccel off and traffic starts flowing again

Another thing that will show the issue is that running fwaccel stats -s command will only provide 1 single row output for Accelerated packets (instead of normally 4-5 rows or whatever it is).

I have a case with TAC and R&D have identified the issue (race condition of some sort) and are currenly working on specific hotfix for us for specific JHFA take.

According to TAC there is only one other reported íssue about this. So probably it won't find its way as permanent fix in coming JHFA. I have a hard time beleiving this since issue is so easy to reproduce with clean install, but thats the info I have.

Anyway, point of the post was that it might save time for someone.

Tags (3)
2 Replies
Highlighted
PhoneBoy
Admin
Admin
‎2018-02-16 10:03 AM

It depends on the nature of the issue/fix as to whether they will include it in the JHF or not.

Thanks for sharing your experiences in any case.

0 Kudos
Highlighted
zsh
Iron
‎2018-03-05 06:44 AM

Just to update status on this one.

Issue was due to some kind of "race condition".

Hotfix provided was specific to the JHFA take you want to install. It did solved the issue and TAC should now be aware about the issue. Why it sometimes happens is unclear. (we were not alone to be affected, but far from anyone does)

After this I deployed 3 more clusters in the AWS and issue did not present it self on those.

0 Kudos