Internet access problems.


I have a ClusterXL HA, version R81.10.

We have "Internet" consumption problems on 1 VLAN in particular (we have several VLANs).

The problem is that the VLAN X.X.2.0/24, every so often, "runs out of Internet" (cannot consume web services), and what is done as a "workaround" is to disconnect/connect the network card of the PCs, or reboot the PC.

We have quite general "rules", 1 rule for the Internal DNS servers, and another rule below, for the Internet access, but basically the rules are like an "any, any".

Are there any recommendations here that would allow me to rule out that the problem is the Cluster Firewalls?

Thank you.

3 Replies

When the Internet stops working on these devices, what do the firewall logs say? If you narrow down the source to the specific device not working at that time, do you see traffic hitting the firewall? If so, what are the messages? Have you ruled out other things such as duplicate IP addresses on that VLAN? Do all of the devices have the problem at the same time or do some still work?

In the Firewall, when I have filtered the test IP, I have not observed that there are drops or something similar, for an Internet connection.

The strangest thing is that it is only one VLAN that has the problem; on the same interface where this VLAN passes, others pass, and these others have no problems.

Is there any way to rule out that it is a GW problem?

I have tested the Internet connectivity from the GW (Active) to the Internet, and I have the impression that everything is fine.


You can run ip r g and, say, tracepath commands to see the path it's taking, if it's the same. Also, zdebug would help, as well as generic tcpdump and fw monitor.

You can use the site below that my colleague made over the years to help people with different captures.





