Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
cstaffbrad
Explorer

Bgp does not Established when Standby become Active

 

4400 Next Generation Firewall HA Appliance
Cluster Mode HA (Active,Standby) R80.40 Take 118
Configuration in place a per sk108958

We have implemented Dynamic routing protocol
as per sk108958 but when Cluster-1 is in the active state, the bgp traffic is processed
according to the implicit rule 0. But when Cluster-2 became active,
I see bgp traffic being drop by rule 100.

The workaround is to create a rule and allow the bgp traffic rule
in order to have the bgp status in the established state.

The question now is why is BGP traffic handled with implicit rule
when cluster-1 is Active? and does not apply to cluster-2 when
this becomes active?

Is this specific BGP rule necessary? is this official solution ?
is it by design or is it a bug?

sk39960 explained how to allow bgp traffic
How to allow dynamic routing protocols (OSPF, BGP, PIM, RIP, IGRP) traffic through Check Point Security Gateway
If this is the right solution, then why is the bgp traffic handled by an implicit rule?

0 Kudos
9 Replies
This widget could not be displayed.