This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Scott_Paisley
Advisor
‎2023-04-04 05:53 AM
In response to Diego_dg

I know this thread is nearly 5 years old, but I don't see a solution, and we hit exactly the same issue

R81.10 machines running on ESXi VM hosts, secondary can't ping the gateway unless the policy is unloaded. Gateway management traffic works fine, probably because it doesn't pass through the policy.

The standby box actually tries to pass external traffic through the active box using the sync connection, which is designed behaviour I believe.

My colleague found a setting on the vSwitch in ESX that seems to be cauing the problem. Under policies, there is a setting for 'Forged transmits'. The default is Reject. Setting it to Accept on the VLAN the Sync traffic uses seems to be working now

The checkpoint uses some kind of virtual MAC for that traffic that the vSwitch doesn't like, so it drops it apparently

(2)
Who rated this post