Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
StackCap43382
Contributor

vsec Standby Connectivity Issue After r80.40 Upgrade

Hi All,

An Azure VSEC cluster has been upgraded to r80.40 and we are not able to failover between members.

Checking connectivity we are unable resolve DNS on reach any external entity from the standby.

Further investigations show the standby using the sync (eth1) to send it via primary.
The primary is then sending the connection out its public (eth0) and folding behind the cluster address.

Response traffic is being folded back to the correct IP but then routed out of eth0 and oblivion.

Internal Interface: Eth1
External Interface: Eth0
Sync link: Eth1

fwha_forw_packet_to_not_active=0
fwha_cluster_hide_active_only = 1
fwha_silent_standby_mode = 0

SKs:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Before I shove more ports into table.def, anyone else seen this?

 

3 Replies
This widget could not be displayed.