So we have a functioning HA pair of 3200s at a branch office. Everything works fine.
We need to replace these with an HA pair of 5200s so the 3200s can be rotated out to a different office.
I’ve built the 5200s from base image (R80.40) and addresses the interfaces identically to the 3200 cluster, including MAC addresses.
Reset SIC in SD, get topology, model and OS from firewalls then push policy.
New cluster establishes and traffic flows out of the LAN down the MPLS.
You’d think that would be fine and dandy but it isn’t.
No TCP sessions establish from the LAN. Can see first packets arriving at the Internet breakout at the perimeter. 5200s can get updates and access everywhere internally that they should. Never any sessions from the LAN. Firewall rules unchanged. Logging on origin firewalls identical to originals.
ARP caches flushed on all switches and routers at the branch office. Still no sessions.
ClusterXL fine. No errors in any logs. Licenses all fine
Plug the old cluster back in and everything works.