Have a peculiar problem after introducing Virtual Router on our VSX to interconnect most VSes on that cluster.
If traffic originates from a VS on the standby VSX and it needs to reach another VS (i.e. Identity Sharing on port 15105) or a service that's behind another VS (i.e. DNS for FQDN objects), it will stop dead in it's tracks at the standby VR - I'm assuming VR is not forwarding traffic as it is in standby state. Diagram below might help understanding the issue:
I'm not too sure if anyone else has seen it? And possibly found a solution. I tried to search SKs but did not find anything relevant.
Seems like obvious solution in HA VSX case, would be first forwarding packet from standby VS1 to active VS1, then routing it normally via active VSX. And when packet is returned to active VS1, it would forward it back to originating standby VS1. This way we would resolve both FQDN case and IA publishing.
Currently we have lots of domain alerts in logs from standby VSX:
as well as standby VS that's publishing IDs to other VSes is marked as "failed" in SmartConsole:
| User | Count |
|---|---|
| 23 | |
| 17 | |
| 16 | |
| 13 | |
| 8 | |
| 8 | |
| 7 | |
| 5 | |
| 5 | |
| 5 |
Tue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 02:00 PM (CET)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - EMEATue 12 Nov 2024 @ 11:00 AM (EST)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (AMERICAS)Tue 12 Nov 2024 @ 02:00 PM (EST)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - AmericasTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 02:00 PM (CET)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - EMEATue 12 Nov 2024 @ 11:00 AM (EST)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (AMERICAS)Tue 12 Nov 2024 @ 02:00 PM (EST)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - AmericasWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management Workshop
.png "Wolfgang"){kind=avatar}
