Support Center > Search Results > SecureKnowledge Details
Missing dynamic object configuration on ClusterXL standby member causes outage after failover Technical Level
  • After failover, newly elected active ClusterXL member stops processing traffic.
  • In kernel debug (fw ctl zdebud + drop), traffic is getting dropped by dynamic object rule (any/dynamic > dynamic/any drop).
  • Dynamic routing (OSPF and BGP) neighborship with peers is not formed anymore.
  • zdebug drop might show below drop dropped by fw_first_packet_xlation Reason: Dynamic object is already being resolved

Dynamic object was defined on the Security Management server and policy was installed.
But, the IP range was defined only on the ClusterXL active member.
As soon as the cluster fails over, the traffic starts to drop.

Note: To view this solution you need to Sign In .