Gateway not replying to pings

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hello all,

we upgraded one Security Gateway to R80.20 and we have a really strange behavior.

The gateway doesn't reply to ping requests.

We see logs that the request is accepted, and the tcpdump and fwmonitor shows that the requests successfully reach the gateway, but both tcpdump and fwmonitor don't show replies. Also on zdebug we don't see any drops at all.

We disabled SecureXL with "fwaccel off", because it has caused some problems on others upgrades and the issue persists.

It is really weird, and we cannot think what may cause this problem.

Find below tcpdump output with some requests but without replies!

08:27:18.461003 IP 10.x.78.154 > 10.x.78.1: ICMP echo request, id 6556, seq 38729, length 87
08:27:19.462044 IP 10.x.78.154 > 10.x.78.1: ICMP echo request, id 6556, seq 38730, length 87
08:27:20.463021 IP 10.x.78.154 > 10.x.78.1: ICMP echo request, id 6556, seq 38731, length 87

The 10.x.78.1 is the VIP of the cluster, and the server with 10.x.78.154 is an esxi that has to ping the default gateway as a Keep Alive mechanism.

Can you think of something to investigate, because we have reached a wall.

Thank you all