
Auxiliary Device Not Accessible from GUI.

Greetings,

Please guide me in resolving the issue.

Current environment (Active-Passive with version 18.5 and model XG330):

  • Dedicated HA link ports are connected directly.
  • For the Primary Firewall, the dedicated HA port is 7; the assigned IP is 12.28.1.254/24.
  • On the same port, created a VLAN with subnet 10.28.1.254/16 for the internal LAN.
  • Dedicated Peer HA Link is 100.200.100.254.
  • Peer Administration IP for the auxiliary device is 12.28.1.253.
  • Port7 of both FWs is connected to a Cisco Layer 3 switch at P3 and P8 respectively; the configuration details at the switch are below.

Issue:

  • Not able to access GUI of auxiliary device from Peer Administration IP 12.28.1.253. 

Observation:

  • Firmware upgrade completed successfully without any issue, i.e. I don't have to upgrade the firmware on each appliance manually.
  • If I shut either port P3 or P8, depending on which port the Primary appliance is connected to, failover takes place without any physical changes.

From the above observations, we can say that there is no issue related to connectivity.

  • Checked at the switch that the MAC address table is empty for the interface to which the auxiliary device is connected; refer to the screenshot below.

 

Queries:

  • In an Active-Passive environment, is the auxiliary device accessible over the GUI?
  • As the auxiliary device is in standby mode, will ARP still complete? If yes, kindly guide me through the process if any configuration needs to be changed at either the firewall or the switch level.


This thread was automatically locked due to age.
  • Yes it is. It uses the physical MAC of the interface to be accessible. You should consider creating a Peer Admin IP on each and every interface you want to connect to. Most likely access "over" the primary is not possible (so you are coming from Port1 and want to access Port2 of the second appliance). Instead, you should create a Peer Admin IP on Port2 and access it directly.

    The ARP will work, as the Aux appliance only replies to its own physical MAC. The cluster (Primary) uses a virtual MAC and communicates with those MACs. So basically the Aux will not reply to anything except its own physical addresses.
