Lincoln Webber

SecureXL Medium Path Puzzle

Discussion created by Lincoln Webber on Nov 17, 2017
Latest reply on Nov 30, 2017 by Lincoln Webber

I have two data centers, each having an open server cluster. The data centers are separated by a WAN. The primary DC's cluster has the organization's Internet link and the following blades enabled: IPS, VPN, APCL/URLF, AB/AV, Identity Awareness, Email/antispam. The secondary DC's cluster only has IPS enabled (the same IPS profile is applied to both clusters). Both clusters have SecureXL and CoreXL enabled (Primary DC with 6 instances, Secondary DC with 3 instances).

We have Veritas NetBackup servers at both DCs. Replication traffic between the DCs is accelerated on the Secondary DC cluster (fwaccel conns output shows no flags) but goes to the Medium path on the Primary DC cluster (fwaccel conns output shows 'S' flag).

Disabling IPS on the primary DC (ips off) does not make a difference for this traffic.

I have specific source and service definitions for the APCL/URLF & AB/AV rulebases.

I have even disabled the above-mentioned blades and it has made no difference.

The traffic in question is on TCP port 1556.

Right now we are using QoS on the switches the servers are connected to, to limit the bandwidth, because the replication causes sustained CPU spikes on the cores and affects other services (e.g. VPN and Internet browsing).

I would like to know if anyone has had a similar experience and if any solution was found.
