sk119154
Symptoms
• Cannot connect to the Standby member from a non-local subnet (source and destination are not on the same subnet).
• Connecting to the Standby member from a local subnet (source and destination are on the same subnet) works.
• When running # fw ctl zdebug drop on the Standby member, the following line can be seen:
;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 2.2.2.2:443 -> 20.0.0.1:58522 dropped by fwchain_reject_mtu Reason: rejected;
Cause
Environment: VPN Visitor Mode is enabled on port 443.
When Visitor Mode is enabled, the Standby member will reject all traffic sent to it via the Visitor Mode port.
By default, Visitor Mode is enabled on port 443.
Jerry
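
Added example (not part of the original article and not Check Point code): a Python sketch that scans saved output of fw ctl zdebug drop for the symptom line above and counts rejects on the Visitor Mode port per Standby member and remote peer. The field layout is assumed from the single drop line quoted in the article; the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

VISITOR_MODE_PORT = 443  # default Visitor Mode port per the article

# Field layout assumed from the one drop line quoted in the article.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\w+) Reason: (?P<reason>[^;]+);"
)

def parse_drop(line):
    """Return the fields of one drop line as a dict, or None if it does not match."""
    m = DROP_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("proto", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields

def visitor_mode_rejects(lines, port=VISITOR_MODE_PORT):
    """Count TCP drops by fwchain_reject_mtu per (member_ip, remote_ip)."""
    hits = Counter()
    for line in lines:
        d = parse_drop(line)
        if not d or d["proto"] != 6 or d["func"] != "fwchain_reject_mtu":
            continue
        # The endpoint that owns the Visitor Mode port is the cluster member.
        if d["sport"] == port:
            hits[(d["src"], d["dst"])] += 1
        elif d["dport"] == port:
            hits[(d["dst"], d["src"])] += 1
    return hits

SAMPLE = [
    # Line quoted in the article.
    ";[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 2.2.2.2:443 -> 20.0.0.1:58522 dropped by fwchain_reject_mtu Reason: rejected;",
    # Constructed: same symptom on a second connection attempt.
    ";[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 2.2.2.2:443 -> 20.0.0.1:58530 dropped by fwchain_reject_mtu Reason: rejected;",
    # Constructed: placeholder handler name, must not be counted.
    ";[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 2.2.2.2:443 -> 20.0.0.1:58531 dropped by example_other_handler Reason: constructed;",
    "constructed noise line that is not a drop record",
]

if __name__ == "__main__":
    for (member, remote), count in visitor_mode_rejects(SAMPLE).items():
        print(f"{member} rejected {count} packet(s) for {remote} on port {VISITOR_MODE_PORT}")
```

If Visitor Mode has been moved off the default port, pass that port as the second argument to visitor_mode_rejects.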