When SecureXL is enabled, traffic through the VPN trusted interface is sent encrypted instead of clear
Symptoms
  • When SecureXL is enabled, traffic through the VPN trusted interface is sent encrypted instead of clear.

  • Disabling SecureXL resolves the issue.

  • The output of the 'sim tab vpn_link_selection' command (per sk98722) in the /var/log/messages file shows that the involved interface is used for link selection with the VPN peer. To identify the interface, take the interface number from the 'IFN' column and run the 'fw ctl iflist' command to get the names of the interfaces.

  • The output of the 'sim tab vpn_trusted_ifs' command (per sk98722) in the /var/log/messages file lists the involved interface, i.e., it is indeed trusted. To identify the interface, take the interface number from the 'InterfaceNum' column and run the 'fw ctl iflist' command to get the names of the interfaces.

Cause

SecureXL sometimes encrypts traffic on a VPN trusted interface if Link Selection is configured in High Availability mode. The setting is in SmartDashboard: Security Gateway object - 'IPSec VPN' pane - 'Link Selection' - 'Use probing. Redundancy mode:' - 'High Availability'.


Solution