Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Policy Installation

Hi,

 

We have noticed that during a policy installation our incoming traffic from the internet is not getting through the firewall. We then receive alerts from site 24x7 that they are unable to connect/monitor our website.

We have also seen our internal monitoring server getting timeouts when trying to perform its checks (ping, telnet, etc,) against our web servers, again only during a policy install on the FW's

 

We are running version 80.10 on all FW's

 

Thanks,

John

0 Kudos
3 Replies
Highlighted
Admin
Admin

Depending on how much traffic your gateway is passing, this may happen.
This is because there is a period of time during the policy installation process where SecureXL needs to be refreshed with the updated new policy, which causes all traffic to go through F2F (slowpath).
This is one of the things that was fixed with the redesign of SecureXL in R80.20 and above.
0 Kudos
Highlighted
Champion
Champion

Unless your monitoring system is cranked up to a ridiculous level of sensitivity, you normally shouldn't have disruptions during policy loads that last long enough to cause the effects you are seeing.  This assumes of course that you have a properly sized gateway for your traffic load, what model numbers are we talking here (let me take a guess - 3200 or lower) and about how much traffic are they pushing?

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Employee
Employee

Please add more specifics related to policy, type of traffic, load, appliance, etc. It;s hard to respond to a non-detailed question
0 Kudos