AnsweredAssumed Answered

CoreXL Causes R80.10 VEN GW Policy Installation Fail

Question asked by Tim Ireland on Sep 19, 2017
Latest reply on Oct 5, 2017 by Timothy Hall

Hi All,


I have deployed R80.10 HA Gateways on VMWare (Private Cloud). Each have 5 vCPUs assigned and are using ClusterXL.


Everything works perfectly with CoreXL disabled, however when I enable CoreXL for 5vCPU's, policy installation starts to fail with a TCP connectivity failure (port = 18191) error no.10. Disabling CoreXL fixes the policy installation failures.


I've been working with TAC over the past 4 weeks and have completely rebuilt my environment to R80.10 base thinking that it was a corruption issue with the Management Appliance or Firewalls, this has now been proven incorrect. Installing the latest Jumbo Hotfix also had no impact on the issue. A top shows that the CPU utilisation is generally no more than 50% on the active gateway member. Typically I can push policy after hours (sometimes it's intermittent), or on weekends when there is little to no traffic going through them.


I have read that it's best practice for environments with Heavy Logging to assign a dedicated CPU to the FWD process. Can you please advise if this could likely be the way to go here?


I attempted to reduce the CoreXL instances to 3 this morning leaving two free (however not specifically assigning FWD to an available one, refer to attachment, however I started to see alerts on some of my NAT rules and sites published by those rules (not all), stopped working. Disabling CoreXL fixed that issue also.


Thanks for your assistance