The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Traffic does not pass via the VPN tunnel after upgrade to R76
| Solution ID |
sk93380 |
| Product |
ClusterXL |
| Version |
R76 |
| Platform / Model |
All |
| Date Created |
30-Jun-2013
|
| Last Modified |
03-Sep-2013
|
Symptoms
- Traffic does not pass via the VPN tunnel after upgrade to R76 in ClusterXL Load Sharing configuration with Sticky Decision Function (SDF) set to 'IPs'.
- Traffic capture with TCPdump shows NAT-T packets on UDP port 4500 on both members.
Traffic capture with FW Monitor (without '-p all' in the syntax) does not show these NAT-T packets on any of the cluster members.
- Cluster debug (
fw ctl debug -m cluster + df drop pivot) shows that both cluster members drop the packets from the client with "fwha_df_chain_module: dropped by DF module".
Solution
|
Note: To view this solution you need to
Sign In
.
|
