Hello All,
Issue - Failover is not working in a dual ISP setup.
Issue Description - We have the attached setup in our environment, and while trying to do a failover towards the secondary ISP, we observed that old connections are still trying to exit via the primary (down) ISP, and in debug I am getting "interface inactive".
What I observed is that if we reset the connection from the user end, or the connection gets cleared from the connection table, then it goes via the secondary ISP.
The thing is, this behaviour looks OK with HTTP/HTTPS traffic.
But IPsec and GRE traffic is causing a major issue.
We have 2 different routers behind the firewall trying to communicate with the internet using IPsec and GRE, and we have a probing mechanism enabled. So when the primary ISP goes down, this traffic is still trying to go out via the primary ISP, and due to the probing, the connection table on the firewall gets refreshed automatically.
Logs after the failover to the secondary ISP was done:
++
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
++
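To check how widespread the symptom in the post is, a small parser for the fw_log_drop_ex records above, added here as an example (not from the original post or from the firewall vendor): it re-joins records that were wrapped across lines, extracts protocol, endpoints, chain and reason, and counts the tunnel flows (GRE/ESP/AH) still being routed at the inactive ISP interface, which are the ones the user cannot recover by simply retrying from a browser. The record layout is assumed from the lines quoted above; the sample addresses are constructed placeholders.

```python
import re
from collections import Counter
# Pattern for the fw_log_drop_ex records quoted in the post (constructed from those lines).
DROP_RE = re.compile(
    r";\[(?P<cpu>[^\]]+)\];\[(?P<inst>[^\]]+)\];fw_log_drop_ex: Packet "
    r"proto=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"dropped by (?P<chain>\S+) Reason: (?P<reason>[^;]+);"
)
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
TUNNEL_PROTOS = (47, 50, 51)  # GRE, ESP, AH: the tunnel, not the user, has to re-key/reconnect

def logical_lines(text):
    """Re-join records that a copy/paste wrapped across lines; a record ends at ';'."""
    buf, out = "", []
    for raw in text.splitlines():
        if raw.strip():
            buf = (buf + " " + raw.strip()).strip()
            if buf.endswith(";"):
                out.append(buf)
                buf = ""
    return out

def parse_drop(line):
    """Fields of one drop record as a dict, or None if the line is not a drop record."""
    m = DROP_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["proto"] = int(d["proto"])
    d["proto_name"] = PROTO_NAMES.get(d["proto"], str(d["proto"]))
    d["reason"] = d["reason"].strip()
    return d

def stale_tunnel_drops(text):
    """Count GRE/ESP/AH flows still routed at the inactive ISP interface, keyed by (proto, src, dst, chain)."""
    hits = Counter()
    for rec in map(parse_drop, logical_lines(text)):
        if rec and rec["proto"] in TUNNEL_PROTOS and rec["reason"] == "Interface is inactive":
            hits[(rec["proto_name"], rec["src"], rec["dst"], rec["chain"])] += 1
    return hits

# Constructed sample modelled on the post's output; addresses are RFC 5737 placeholders.
SAMPLE = """
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 192.0.2.10:0 -> 198.51.100.20:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 192.0.2.10:0 -> 198.51.100.20:2048
dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=50 192.0.2.11:0 -> 198.51.100.21:0 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 192.0.2.12:51234 -> 198.51.100.22:443 dropped by misp_rt_chain Reason: Interface is inactive;
"""
```

Running `stale_tunnel_drops(SAMPLE)` on the constructed sample reports the GRE flow twice and the ESP flow once, while the TCP drop is left out because that session recovers on its own once the client reconnects.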