Hi,

- We are having 44k device, where isp redundancy is enabled.

- R80.20 SP GAIA OS.

ch02-02 > cphaprob stat

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 192.0.*.* 33% ACTIVE FW-ch01-01
2 192.0.*.2 33% ACTIVE FW-ch01-02
3 192.0.*.3 33% ACTIVE FW-ch01-03
15 192.0.*.15 33% ACTIVE FW-ch02-01
16 (local) 192.0.*.16 33% ACTIVE FW-ch02-02
17 192.0.*.* 33% ACTIVE FW-ch02-03

Active PNOTEs: None

- cpstat fw shows isp redundnacy is proper

ISP link table
---------------------
|Name|Status|Role |
---------------------
|NKN |OK |Primary|  ----> works well (eth1-02)
|BSNL|OK |Backup | ----> does not work.(eth1-01)

---------------------

- All configuration seems fine, but the traffic through secondary link(BSNL) doesnot work.

traffic initiating frim checkpoint firewall

- FW-ch02-02 > ping -I eth1-01 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.
From 1**.2**.1**.**a icmp_seq=1 Destination Host Unreachable
From 1**.2**.1**.**a icmp_seq=2 Destination Host Unreachable

FW-ch02-02 > ping -I eth1-01 1**.2**.1**.**b
PING 1**.2**.1**.**b (1**.2**.1**.**b) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.
64 bytes from 1**.2**.1**.**b: icmp_seq=1 ttl=255 time=0.734 ms

- but when secondary isp directly connected to laptop, internet reachability is fine.

C:\Users\RS>tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 1**.2**.1**.**b
2 1 ms 1 ms 1 ms 172.24.221.154
3 * * * Request timed out.
4 * * * Request timed out.
5 11 ms 11 ms 11 ms 142.250.172.220
6 12 ms 12 ms 12 ms 172.253.68.113
7 14 ms 13 ms 13 ms 142.251.52.215
8 12 ms 12 ms 12 ms dns.google [8.8.8.8]

Let me know what else needs to be checked here.

Or anyone faced similar kind of issue previously.

Regards

Shira