Cluster member might crash when processing a NAT connection, if SecureXL is not enabled on all cluster members

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk111888
Technical Level
Product	SecureXL, ClusterXL, Cluster - 3rd party
Version	R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL)
OS	Gaia, SecurePlatform 2.6, Gaia Embedded, Crossbeam XOS, IPSO 6.2
Platform / Model	All
Date Created	09-Jun-2016
Last Modified	21-May-2017

Symptoms

Cluster member might crash in the following scenario:
- This cluster member became Active
- SecureXL is enabled on this cluster member
- SecureXL is not enabled on all members in the cluster
- NAT rules exist in the policy

Cause

Since SecureXL is not enabled on all members in the cluster, FireWall and SecureXL tables of which NAT ports were allocated to which cluster member are not synchronized. As a result, FireWall created and offloaded a NAT connection using a NAT port that is not within the SecureXL range of allocated NAT ports. This caused the cluster member to crash.

Solution

Note: To view this solution you need to Sign In .