AnsweredAssumed Answered

CoreXL Causes R80.10 VEN GW Policy Installation Fail

Question asked by Tim Ireland on Sep 19, 2017
Latest reply on Oct 5, 2017 by Tim Hall

Hi All,

 

I have deployed R80.10 HA Gateways on VMWare (Private Cloud). Each have 5 vCPUs assigned and are using ClusterXL.

 

Everything works perfectly with CoreXL disabled, however when I enable CoreXL for 5vCPU's, policy installation starts to fail with a TCP connectivity failure (port = 18191) error no.10. Disabling CoreXL fixes the policy installation failures.

 

I've been working with TAC over the past 4 weeks and have completely rebuilt my environment to R80.10 base thinking that it was a corruption issue with the Management Appliance or Firewalls, this has now been proven incorrect. Installing the latest Jumbo Hotfix also had no impact on the issue. A top shows that the CPU utilisation is generally no more than 50% on the active gateway member. Typically I can push policy after hours (sometimes it's intermittent), or on weekends when there is little to no traffic going through them.

 

I have read that it's best practice for environments with Heavy Logging to assign a dedicated CPU to the FWD process. Can you please advise if this could likely be the way to go here?

 

I attempted to reduce the CoreXL instances to 3 this morning leaving two free (however not specifically assigning FWD to an available one, refer to attachment, however I started to see alerts on some of my NAT rules and sites published by those rules (not all), stopped working. Disabling CoreXL fixed that issue also.

 

Thanks for your assistance

Attachments

Outcomes