FSW slow in cluster mode
recently in our new office we have implemented a cluster with 2 M370 in active / passive mode and everything works smoothly, the only thing I find different from our other office where we have only one M370 is the slowness found in the FSW.
In fact, all the logs and also the application generally seems slower and it is almost difficult to show the logs or switch from one Tab to another, has this happened to someone?
Sign In to comment.
There are two situations for which you must edit the WatchGuard policy to add the FireCluster Management IP addresses:
If you restrict management access to specific IP addresses
To restrict management access to specific IP addresses, you can edit the WatchGuard policy to remove the Any-Trusted or Any-Optional aliases from the From section, and add only the IP addresses or aliases that you want to manage the device. If you do this, it is important that you also add the FireCluster Management IP addresses to the From section of the WatchGuard policy.
If you set the FireCluster Management Interface to an External interface
If you select an External interface as the FireCluster Management Interface, you must either add the FireCluster Management IP addresses or add the Any-External alias to the From section of the WatchGuard policy. Your configuration is more secure if you add the specific Management IP addresses than it is if you add the Any-External alias.
in fact our configuration is stadard "from the Any-Trusted or Any-Optional aliases. If you set the FireCluster Management Interface to a Trusted or Optional interface, the Management Interface IP addresses are automatically included in the Any-Trusted alias or the Any -Optional alias "
it's not that it doesn't work it's just plain slow, that's the point.
Directly or via a switch.
Do you have other equitment running vrrp?
firewalls are directly connected, ports 6 and 7, no devices using vrrp
Try turn up logging on firecluster og management modules and see if anything should show up.
can you suggest me how?
setup -> logging -> Diagnostic log level
Ok, this already done, I thought there was more to enable per cluster, thanks
in fact we have 2 other devices that use vrrp for synchronization, mikrotik
they use these IDs 190/51/2/100/99/188/16/26/17/15, possible some conflict?
our cluster ID is 50
> our cluster ID is 50
Cant say if there is a conflict, but you can always try to change it.
Just remeber the cluster gets a new mac address.