I have two data centers, each having an Open Server cluster. The data centers are separated by a WAN. The primary DC's cluster has the organization's Internet link and the following blades enabled: IPS, VPN, APCL/URLF, AB/AV, Identity Awareness, Email/Anti-Spam. The secondary DC's cluster only has IPS enabled (the same IPS profile is applied to both clusters). Both clusters have SecureXL and CoreXL enabled (primary DC with 6 instances, secondary DC with 3 instances).
We have Veritas NetBackup servers at both DCs. Replication traffic between the DCs is accelerated on the secondary DC cluster (fwaccel conns output shows no flags) but goes to the Medium path on the primary DC cluster (fwaccel conns output shows the 'S' flag).
Disabling IPS on the primary DC (ips off) does not make a difference for this traffic.
I have specific source and service definitions for the APCL/URLF and AB/AV rulebases.
I have even disabled the above-mentioned blades and it has made no difference.
The traffic in question is on TCP port 1556.
Right now we are using QoS on the switches the servers are connected to in order to limit the bandwidth, because the replication causes sustained CPU spikes on the cores and affects other services (e.g. VPN and Internet browsing).
I would like to know if anyone has had a similar experience and if any solution was found.