We have Cloudguard R80.10 gws [48 of them] running on a VMWARE NSX-V Cluster 's hosts.
These Cloud guard gws are managed by R80.40 manager.
When VMs are moved between hosts in the VMWARE cluster, all connections drop, and we were of the understanding that all individual Cloudguard gateways are in sync, so that when VMs are moved, traffic will flow without drops [ie... without seeing First packet is no syn].
When I looked at fw tab -t connections -s in individual gateways, I can see the numbers are very different, meaning, Cloud guard gateways are not in sync so it is obvious that when VMs move between hosts in the VMWARE cluster, Is there any fix or workaround that we can apply? This must be a common issue for many out there.
I dont see there is any mechanism that runs among these Cloud guard gateways to do tcp/ udp state synchronisation like Cluster XL, so I can guess the answer. I am bit confused because at the time of selling the product, we questioned the same feature and the answer was it does keep "in sync" the statetable among Cloud gurads, not sure whether we tried that indeed in a lab and took the word on its own merit.
So your expert reply is very much appreciated with any tips and tricks.
Thank you and Kind regards,
Kanishka