Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
csh
Explorer

Asymmetric structure network test

Hello,

I conducted a network test of asymmetric structure.

 

1. Check packet drop  icmp  in asymmetric structure network test.

----------------------------------------------------------------

[Expert@test2:0]# fw ctl zdebug + drop

@;103266;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=1 200.0.0.100:0 -> 100.0.0.100:17460 dropped by fw_first_packet_state_checks Reason: ICMP reply does not match a previous request;
@;103467;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=1 200.0.0.100:0 -> 100.0.0.100:17459 dropped by fw_first_packet_state_checks Reason: ICMP reply does not match a previous request;
@;103601;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=1 200.0.0.100:0 -> 100.0.0.100:17458 dropped by fw_first_packet_state_checks Reason: ICMP reply does not match a previous request;

----------------------------------------------------------------

2. fw ctl get int fw_allow_out_of_state_icmp is checked, value 0

[Expert@test2:0]# fw ctl get int fw_allow_out_of_state_icmp
fw_allow_out_of_state_icmp = 0
[Expert@test2:0]# fw ctl get int fw_allow_out_of_state_tcp
fw_allow_out_of_state_tcp = 0

----------------------------------------------------------------

3. fw ctl set -f int fw_allow_out_of_state_icmp 1 / cat $FWDIR/boot/modules/fwkern.conf file

[Expert@test2:0]# cat $FWDIR/boot/modules/fwkern.conf

fw_allow_out_of_state_icmp=1

----------------------------------------------------------------

After setting it up, the ping test was successful.

when rebooting, the value of the fwkern.conf file remains the same.

but when fw ctl get int fw_allow_out_state_icmp is entered, fw_allow_out_of_state_icmp = 0.

Ping test failed when rebooting.

 

Gateway OS version R81..

I know the setting value of $FWDIR/boot/modules/fwkern.conf should be applied first booted when booting the equipment.

But wouldn't it be applied if I reboot it?

Please help me..

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

It should apply fwkern.conf on reboot.
If not, I recommend a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events