Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Roadrunner88
Contributor

Facing trouble with HA Cluster 1570R Firewalls

Hello Guys,

 

we have some trouble with our 1570R Gateways connected as ClusterXL HA and sync Port.

 

We have the following setup:

Unbenannt.PNG

 

Because of technical issues, we have not been able to connect the snyc port directly.

So the Sync goes over the Access Level on Cisco Switches, with a special VLAN, dedicated to the sync IPs.

The VLAN is routed on the Core.

 

Our Problem is, that when one firewall crashes(power outtage or restart) the HA seems to work, but the Produciton Line dont comes up. Until one of the member gets restarted manually. 

 

So the problem seems to be, that the Hirschmann devices dont use the new route over the new active member when the other one is not reachable anymore. When the restart is done the firewalls go back to the old member state, but the Hirschmanns are keeping the old route. 

 

SO we lose the connection to the production line, until we manually redo the state change and the old route is working again.

 

My question now:

 

whats wrong? how can we solve this issue?

 

Is it because we are using the sync port over the cisco level?

The Sync ports have a dedicated connecton to the cisco switches, and dedicated vlan/subnet

 

Can someone provide helpful input? Would be nice. 

0 Kudos
1 Reply
Chris_Atkinson
Employee Employee
Employee

Possibly worth testing Virtual MAC mode for the Cluster:

vmac.png

Otherwise more information is required...

Which version/build are the Gateways - R80.20.35 (992002577) ?

Anything interesting in the logs from the gateways?

Do the switches have g-arp disabled?

What are the routes / default gateways pointed at for their next-hop?

Do you have the switches ARP/Mac table outputs from a failure scenario that you can analyze?

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events