Support Center > Search Results > SecureKnowledge Details
VSX Gateway with Virtual Router does not pass traffic when SecureXL is enabled
Symptoms
  • Topology:
    • A VR with an External Interface leads to the Internet.
    • 2 or more VSs, each with an Internal Interface leads to a private Network, and an External WRP Interface leads to the VR.
  • No drops can be found in Kernel debug (fw ctl zdebug drop).
  • 'fw monitor' shows the packet only in the inbound chain (small "i").
  • Disabling SecureXL solve the issue.
Cause

When SecureXL is on, the packet bypass the VS and leave directly using the external interfaces (this is also called: warp_jump mechanism). In a topology with a Virtual Router, the traffic needs to traverse through the VR as well.

The  Warp interfaces belonging to a VR do not have Layer 2 information, and as a result, the packets are sent to the VR  without a MAC header and are dropped.


Solution
Note: To view this solution you need to Sign In .