Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

SIC Issues - Internal SSL authentication SSL error (unknown)

Hi Folks. We are on R80.10 (take 184) running VSX gateways with a multi domain manager. We noticed last week on one of the VSX gateway clusters that policy installs were failing.

Further investigation revealed SIC was failing on one gateway only in the cluster (of two). This was preventing a policy install to any VS on that gateway.

We reset SIC from within the management CMA for the failing gateway and confirmed both gateways are responding to SIC. Re-installed the policy to the appliance (not the VS).

Returning to the CMA managing several VS's, we still can't deploy to any VS on that firewall and get 'Internal SSL authentication SSL error (unknown). We can only deploy the policy to the firewall hosting the VS's from the management CMA.

Also....upon resetting SIC and restarting services etc, the VS's stay in a 'down' state. They can be forced to start individually by going into each VS and doing a 'cphastart' along with 'fw ctl setsync start'. They do start with active/standby (we run VSLS), but the connection tables are not syncing.

Bit of history....We did an export of R77.30 management 18 months ago and imported this onto new hardware. Same ip's and hostnames used etc.

Couple of things puzzling me. First of all I would have thought both gateways in the cluster would fail of it was an expiration issue as both were deployed at the same time and SIC is working in the management CMA and we can install the policy to the appliance.

Anyone seen this ?

 

1 Reply
Highlighted
Champion
Champion

You probably need to run the sic-reset per VS on the failing box, see sk34098 for how to do so.
Regards, Maarten