Scheer
Participant

Implementing FW Cluster

Hi,

We have received two CP 6400 appliances and have planned to implement an FW cluster in Active & Standby mode. After changing the management IP, we configured some settings related to the organization (including SIC). We also added a default route to the management LAN gateway until the implementation is finished.

Unfortunately, we are unable to access the FW GWs after rebooting. However, when we used the fw unloadlocal command, it worked. Again, it won't work if we perform a restart. What is the reason for this?

Thanks    

0 Kudos
5 Replies
Chris_Atkinson
Employee

What level of security policy is currently configured/installed on the Gateways?

Do your topology / anti-spoofing settings allow for the temporary routing which you've configured?

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
Legend

fw unloadlocal will unload the policy - it looks like your policy is either wrongly constructed or missing. When missing, the default policy will be loaded at boot time and block any connection! This is on purpose - after fw unloadlocal, do a dashboard connect, create a correct policy and install it!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend

It definitely sounds like policy or routing, for sure. Here is something you can try when this happens (do not unload the policy). Just run the command below, where x.x.x.x is the mgmt IP and y.y.y.y is the fw IP:

fw up_execute src=x.x.x.x dst=y.y.y.y ipp=0

Ping me if you like, we can do a remote session, I'm sure it's something simple.

0 Kudos
EnriqueGB
Participant

Are you trying to access the Mgmt interface? I think the default policy (the one that comes by default before you install policy from the Management Server) drops connections to any interface that is not Mgmt.

Are you able to install policy?

0 Kudos
Scott_Paisley
Advisor

Check the anti-spoofing setting on the interfaces. The default setting is to drop spoofed packets, I believe. We had a similar issue when we moved some gateways from a staging area into production and the route to the management server was messed up.

0 Kudos
