Create a Post
Showing results for 
Search instead for 
Did you mean: 

Facing trouble with HA Cluster 1570R Firewalls

Hello Guys,


we have some trouble with our 1570R Gateways connected as ClusterXL HA and sync Port.


We have the following setup:



Because of technical issues, we have not been able to connect the snyc port directly.

So the Sync goes over the Access Level on Cisco Switches, with a special VLAN, dedicated to the sync IPs.

The VLAN is routed on the Core.


Our Problem is, that when one firewall crashes(power outtage or restart) the HA seems to work, but the Produciton Line dont comes up. Until one of the member gets restarted manually. 


So the problem seems to be, that the Hirschmann devices dont use the new route over the new active member when the other one is not reachable anymore. When the restart is done the firewalls go back to the old member state, but the Hirschmanns are keeping the old route. 


SO we lose the connection to the production line, until we manually redo the state change and the old route is working again.


My question now:


whats wrong? how can we solve this issue?


Is it because we are using the sync port over the cisco level?

The Sync ports have a dedicated connecton to the cisco switches, and dedicated vlan/subnet


Can someone provide helpful input? Would be nice. 

0 Kudos
1 Reply

Possibly worth testing Virtual MAC mode for the Cluster:


Otherwise more information is required...

Which version/build are the Gateways - R80.20.35 (992002577) ?

Anything interesting in the logs from the gateways?

Do the switches have g-arp disabled?

What are the routes / default gateways pointed at for their next-hop?

Do you have the switches ARP/Mac table outputs from a failure scenario that you can analyze?


0 Kudos