dphonovation
Collaborator

ClusterXL successfully fails over / newly active member starts sending logs as its member interface?

I've got a 2 node Cluster sending logs to a remote mgmt server over a VPN VTI.

If I shut down Node B (the one that was brought up first), everything still works (traffic is routing, Cluster is all green. I can push policy, etc) except for the now active Node A sending some packets and log shipping not from its MGMT IP, but its WAN cluster member interface or sometimes even the local VTI endpoint. What's also weird is that during this time, I somehow still manage to get logs but they are logged as originated from the FW that is shut off!

Wondering if anyone can shed any light?

PhoneBoy
Admin

Just because a node is not primary doesn’t mean it can’t (or won’t) pass traffic that is routed to it somehow.
In the past, some instances of this were handled with a process called Chain Forwarding, but in R80.20 and above, it’s called the Cluster Correction Layer.
See: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...
