The documentation for R80.30. My current Gateways versions R80.30.  Everything works on the active device. Only on the stanby device the internet cable is not plugged in. I want to access internet via LAN port without internet cable.
Like any device in the local network (switch, laptop...). Can it follow the blue path in the picture below and access the internet? 

Lets start with basic routing/networking...so, lets take for example very simple home setup (just as a comparison). You would always get private IP address (non routable). So, in order for you to get online to the Internet, that IP has to route some way egress and way to do it it is through your ISP router, or say 3rd party wi-fi router, which would do the natting, if your ISP router is in bridge mode.

Here, I dont see logically how that IP 10.0.0.6 would be able to connect to the Internet if it cant be natted or has no route anywhere.

Andy

The gateway of 10.0.0.0.6 is 10.0.0.0.1. 10.0.0.1 is the switch. 10.0.0.0.1 routes all traffic to 10.0.0.0.2 that Firewall cluster ip address. In this case, 10.0.0.0.6 should also connect to the internet with this ip address in this way. Isn't this the expected behavior?

I dont know your network, so I wont even make a logical assumption. As I can suggest you do is below and compare on both members, it will give you a good idea.

Andy

ip r l

netstat -nr

ip r g 8.8.8.8

Andy

My documentation shows otherwise:

Note the "identical CP security GWs" means HW, used ports and configuration. Please show me where you found the only-one-node-connected-to-ISP configuration ! How should that ever work ?

I agree 100%, I dont see how this can ever work any other way.

Andy

Yes, that is  true. I am just asking about a temporary situation. For example: I don not have the FW-2 wan cable right now. In this case, it is impossible to connect fw-2 to the internet. 

Thats right...they way you have it, it would not be possible.

Andy

So disable ClusterXL and use a single GW during this temporary situation. 

No - the blue road is just not possible when using ClusterXL. You can disable ClusterXL and use fw-2 as a single GW as long as a second WAN cable is not available, but you can not use HA or LS clustering during that time.

@ikafka I also dont see this working any way how you pasted the screenshot.

Andy

Right, but then it defeats the purpose of clustering : - (

At the moment, ClusterXL is also not working, so that is not the difference - it just makes no sense at all ! The need: "I just want it to receive updates" does not explain anything, either...

That is  right. Cluster is not working because FW-2 doesn not have a WAN cable (ISP has not given Port2 for FW-2 wan connection yet.). Only the rules and databbase are the same. This is a temporary situation.

I want to upgrade FW-2 and I want it to get the upfates, which is not possible at the moment. I will import the upgrade files from Gaia and upgrade. Thanks. 

I'm with you. I know it's like you said. Temporarily unable to plug in a WAN cable. It's a physical problem. I want internet access to continue until the physical problem is solved. I just want it to receive updates. I know that all ports must be mapped for redundancy!

Just do traceroute and it will show you where it fails, its that simple.

Andy

There commands outputs

tracert output:

[Expert@fw2:0]# tracert 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets
sendto: Network is unreachable

ip r l output:

[Expert@fw2:0]# ip r l
10.255.255.0/30 dev eth5 proto kernel scope link src 10.255.255.2
1.1.1.0/30 dev Mgmt proto kernel scope link src 1.1.1.2
10.99.4.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.5.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.6.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.7.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.0.0/24 dev eth1 proto kernel scope link src 10.99.0.6
10.99.1.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.2.0/24 via 10.99.0.1 dev eth1 proto routed
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.4
10.99.3.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.13.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.14.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.15.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.8.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.9.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.10.0/24 via 10.99.0.1 dev eth1 proto routed
10.99.11.0/24 via 10.99.0.1 dev eth1 proto routed

netstat -nr output:

[Expert@fw2:0]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.255.255.0 0.0.0.0 255.255.255.252 U 0 0 0 eth5
1.1.1.0 0.0.0.0 255.255.255.252 U 0 0 0 Mgmt
10.99.4.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.5.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.6.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.7.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.99.1.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.2.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.99.3.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.13.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.14.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.15.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.8.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.9.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.10.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1
10.99.11.0 10.99.0.1 255.255.255.0 UGD 0 0 0 eth1

ip r g 8.8.8.8 output:

[Expert@fw2:0]# ip r g 8.8.8.8
RTNETLINK answers: Network is unreachable

Thanks/regards