The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Traffic does not pass via the VPN tunnel after upgrade to R76
Technical Level
Solution ID
sk93380
Technical Level
Product
ClusterXL
Version
R76 (EOL)
Platform / Model
All
Date Created
30-Jun-2013
Last Modified
03-Sep-2013
Symptoms
Traffic does not pass via the VPN tunnel after upgrade to R76 in ClusterXL Load Sharing configuration with Sticky Decision Function (SDF) set to 'IPs'.
Traffic capture with TCPdump shows NAT-T packets on UDP port 4500 on both members. Traffic capture with FW Monitor (without '-p all' in the syntax) does not show these NAT-T packets on any of the cluster members.
Cluster debug (fw ctl debug -m cluster + df drop pivot) shows that both cluster members drop the packets from the client with "fwha_df_chain_module: dropped by DF module".
