LaurentFr
Participant

Problem maestro tags GCP

Hi, we have a Maestro architecture with: 3 gateways, 1 security group and 6 virtual systems.

We use datacenter objects (GCP) for rules. Actually we have one gateway that doesn't have the same tags as the two others, so when this gateway processes a flow we have dropped packets. If we do a pdp monitor ip  we have:

- on this gateway: no information

- on the two other gateways: we have all the information -> machine name, tags, ...

If we do a pdp monitor summary all on this gateway we can see some GCP tags, so the gateway (identity awareness) connection to the management servers seems good.

How to find the problem?

0 Kudos
2 Replies
tomlev
Employee
Employee

Hi LaurentFr, can you verify that policy is installed on this GW?

Does the problematic GW appear in $FWDIR/conf/vsec_controller_targets_data.set?

0 Kudos
LaurentFr
Participant

Hi, view with tag, upgrade to the last jumbo of R81.10 solved the problem.

With the problematic gateway, the command: cat $FWDIR/lib/nac_tables.def | grep dynamic | cut -d ' ' -f1 | grep -v idp | awk '{ print ("-t "$0"")}' ORS=" " | awk '{print "fw tab " $0 "-s"}' | bash

shows different results for pdp_sessions and pdp_super_sessions before the upgrade. After the upgrade we have the same result.

0 Kudos
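The comparison described in the reply above can be scripted once the `fw tab ... -s` summary from each member is saved to a file. This is an added example, not part of the original thread or Check Point's tooling: `compare_tab_counts` and `write_samples` are hypothetical helpers, the sample IDs, counts and `example_dynamic_table` are constructed, and the column layout `HOST NAME ID #VALS #PEAK #SLINKS` is assumed.

```shell
#!/bin/sh
# Added example: compare per-table entry counts (#VALS) between two saved
# `fw tab ... -s` outputs: one from a healthy member, one from the suspect.

compare_tab_counts() {   # hypothetical helper: <reference_file> <suspect_file>
    awk '
        $1 == "HOST" || NF < 4 { next }             # skip header and blank lines
        FILENAME == ARGV[1] { ref[$2] = $4; next }  # counts on the reference member
        {
            seen[$2] = 1
            if (!($2 in ref))       print $2, "only_on_suspect", $4
            else if (ref[$2] != $4) print $2, "mismatch", "ref=" ref[$2], "suspect=" $4
        }
        END { for (t in ref) if (!(t in seen)) print t, "missing_on_suspect", "ref=" ref[t] }
    ' "$1" "$2" | sort
}

# Constructed sample data: IDs, counts and example_dynamic_table are invented.
write_samples() {   # <dir>
    cat > "$1/member_ok.txt" <<'EOF'
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             pdp_sessions                     1001    42    50       0
localhost             pdp_super_sessions               1002    42    50       0
localhost             example_dynamic_table            1003    40    48       0
EOF
    cat > "$1/member_suspect.txt" <<'EOF'
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             pdp_sessions                     1001     7    50       0
localhost             pdp_super_sessions               1002     7    50       0
localhost             example_dynamic_table            1003    40    48       0
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
compare_tab_counts "$demo_dir/member_ok.txt" "$demo_dir/member_suspect.txt"
rm -rf "$demo_dir"
```

Tables with equal counts on both members produce no output, so an empty result means the two members agree.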
