This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
nabs_nabs
Contributor
‎2020-07-10 08:23 AM

Upgrade Gateway R77.30 to R80.20 with cpuse: Issue on server return packet

Hi @All,

I want to share an issue to see if anyone has ever encountered the same.

When I upgraded my r77.30 gateway to r80.20 (with CPUSE),  server packets return do not cross my firewall.

Here is a diagram which details the issue:

Client ------ eth1-GW-eth2 ------ Server

when I do a fw monitor on my gateway GW, I see icmp request from Client that enter on eth1 and go out eth2. But no icmp reply on eth2.

When I do a tcpdump on my gateway GW I see icmp request from Client that on eth1 and eth2. AND i see icmp reply on eth2.

When i do "fw ctl zdebug drop | grep IP_Client or IP_Server I don't see any drop packet.

(Same things for tcp packets)

Thanks for your lights.

 

Regards

 

0 Kudos
Reply
3 Replies
Kaspars_Zibarts
Authority
Authority
‎2020-07-11 02:07 AM

Why did you go with R80.20 and not R80.30? As far as I've heard R80.20 was "not that great" release for gateways. Plus did you install latest take as part of your upgrade?

0 Kudos
Reply
nabs_nabs
Contributor
‎2020-07-11 02:40 AM
In response to Kaspars_Zibarts

Hi @Kaspars_Zibarts ,

We have an internal team that has a lot of memory leak problems with r80.30 installed on gateways and apparently especially on VSX.

The latest take is installed on the R80.20 gateway.

Regards.

 

0 Kudos
Reply
Kaspars_Zibarts
Authority
Authority
‎2020-07-14 05:14 AM
In response to nabs_nabs

You would have to share a bit more info then - exactly how did you run your commands and what did you see. 

As for us, R80.30 on VSX has been stable, no issues at all

0 Kudos
Reply