Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 4 subscribers
  • Views 6763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA active/active, firewall rules stop working 8.202

beheerder1
We have some problems lately, some of our firewall rules stop working during the day, after a reboot of one of the astaro's or sometimes after like 4 hours they are suddenly working again.

Another question, what you see on the attachment (HA configured active-passive) both asg320 shows active. Is that correct?


I updated last week to 8.202, then above problem occurred, can i simple restore back to 8.103? (from automatic backup)


This thread was automatically locked due to age.
Parents
  • 0
    That's what I was afraid of.  You need to change that.  The only definition that you should have/need bound to a specific interface is the locked "Internet" definition supplied by Astaro.

    1. Check the 'DNAT/SNAT' tab.  In all cases where you use an address on an Astaro interface, you should use the address object created by WebAdmin.  For example, "External (Address)" or "External [Additional] (Address)" instead of a host definition "Something" bound to the External interface.

    2. After making all necesssary changes in NAT rules, go through all of your host and network definitons and set 'Interface: >'.

    After this, everything should work correctly,

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    That's what I was afraid of.  You need to change that.  The only definition that you should have/need bound to a specific interface is the locked "Internet" definition supplied by Astaro.

    1. Check the 'DNAT/SNAT' tab.  In all cases where you use an address on an Astaro interface, you should use the address object created by WebAdmin.  For example, "External (Address)" or "External [Additional] (Address)" instead of a host definition "Something" bound to the External interface.

    2. After making all necesssary changes in NAT rules, go through all of your host and network definitons and set 'Interface: >'.

    After this, everything should work correctly,

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    for point1, we dont use DNAT or SNAT.

    And for your 2nd point, we have more then 60 rules with host/network definitions bound to an interface, and only 1 rule that give problems (that i know off) since 2 weeks and sometimes during the day.
Unfiltered HTML