Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Carlos_Arzate
Participant

Problem with logical Servers

The customer has been configured some logical servers. One of them has 2 servers. They had some internal problems and they made a decision to take it down while the problem was reestablished.

The issue is that the requests were still being displayed to the server that was removed from the group. When it should not have to because it was not within the logical server.

Previously in version R80.10, they did only need to install policies and the problem was solved. Now they need to remove the host of the logical server but this affectation was presented.

The client as a workaround disabled "Use persistent server mode".

The client wants to know if with the new version R80.40 the logical servers work in a different way or if the way they work now is an own characteristic to maintain the persistent connections to the server.

Can you help us to check what is happening with the logical servers?

Do you have any comments about this issue?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

The functionality behind Logical Server objects haven't changed in quite some time.
The only major change we've made to it in the last several years was to support use cases in public cloud.
We haven't done any specific enhancements for on-premise usage.

0 Kudos
Carlos_Arzate
Participant

In your experience have you had any problems similar to my client's with logical servers or could you suggest any recommendations for this problem?

I thought about connections persist to reset the connections and send them exclusively to the logical server member when installing policies but that would affect more connections already established.

0 Kudos
PhoneBoy
Admin
Admin

I'm not aware of a lot of customers using this feature outside of CloudGuard Network Security.
However, this does seem like it's not working as expected.
If you removed a server from the pool, installed policy, and traffic is still being directed to that server, that implies something may be cached in one of the connection tables.
This might need a TAC case.