Support Center > Search Results > SecureKnowledge Details
Traffic drops when SecureXL is enabled on VSX after upgrade to R80.20 / R80.30
Symptoms
  • Traffic starts dropping on VSX when SecureXL is enabled, and starts working again when SecureXL is disabled.
  • The impacted traffic goes from a VS through a VR/VSW. The VR/VSW has bond interface which functions as external interface.
  • SecureXL debugs (according to sk31404) shows this message:
    fwmultik_f2p_routing: fw_os_route_retrieve_streaming failed
Cause

In R80.20 and above, When SecureXL is enabled the traffic is moved directly from the Virtual system to the external interface of the virtual switch or router and not through the wrp/wrpj interfaces.

When SecureXL in on, If the bond (of the VSW/VR) is missing from the output of '#fw ctl iflist' from the VS context (the VS which leads to the VSW/VR), it causes traffic to drop before it can reach the external interface.

Note: When secureXL is off, The traffic goes thorough different interfaces: wrp and wrpj of the VS and VSW/VR. Hence,  even if the bond interface is missing from the output of '#fw ctl iflist' of the problematic VS, the traffic goes smoothly


Solution
Note: To view this solution you need to Sign In .