FSW slow in cluster mode

Good morning,
recently in our new office we have implemented a cluster with 2 M370 in active/passive mode and everything works smoothly; the only thing I find different from our other office, where we have only one M370, is the slowness found in the FSW.

In fact, all the logs and also the application generally seem slower, and it is almost difficult to show the logs or switch from one tab to another. Has this happened to someone?

Thank you

Comments

  • The WatchGuard policy (policy type WG-Firebox-Mgmt) controls administrative connections to the device. By default, the WatchGuard policy allows management connections from the Any-Trusted or Any-Optional aliases. If you set the FireCluster Management Interface to a Trusted or Optional interface, the Management Interface IP addresses are automatically included in the Any-Trusted alias or the Any-Optional alias, and you do not need to modify the WatchGuard policy for FireCluster management connections to operate correctly.

    There are two situations for which you must edit the WatchGuard policy to add the FireCluster Management IP addresses:

    If you restrict management access to specific IP addresses
    To restrict management access to specific IP addresses, you can edit the WatchGuard policy to remove the Any-Trusted or Any-Optional aliases from the From section, and add only the IP addresses or aliases that you want to manage the device. If you do this, it is important that you also add the FireCluster Management IP addresses to the From section of the WatchGuard policy.
    If you set the FireCluster Management Interface to an External interface
    If you select an External interface as the FireCluster Management Interface, you must either add the FireCluster Management IP addresses or add the Any-External alias to the From section of the WatchGuard policy. Your configuration is more secure if you add the specific Management IP addresses than it is if you add the Any-External alias.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_mgmt_interface_about_wsm.html
  • Hello RVilhelmsen,

    in fact our configuration is standard: "from the Any-Trusted or Any-Optional aliases. If you set the FireCluster Management Interface to a Trusted or Optional interface, the Management Interface IP addresses are automatically included in the Any-Trusted alias or the Any-Optional alias"

    it's not that it doesn't work, it's just plain slow, that's the point.

  • How are the two fireboxes connected?
    Directly or via a switch.

    Do you have other equipment running VRRP?
  • Hello,

    firewalls are directly connected, ports 6 and 7, no devices using vrrp

  • Try turning up logging on the FireCluster and management modules and see if anything shows up.

  • Hello,

    can you suggest how?

  • setup -> logging -> Diagnostic log level

  • OK, this is already done. I thought there was more to enable per cluster, thanks

  • in fact we have 2 other devices that use VRRP for synchronization, MikroTik

  • they use these IDs 190/51/2/100/99/188/16/26/17/15, possibly some conflict?

  • our cluster ID is 50

  • > @Cristiano said:
    > our cluster ID is 50

    Can't say if there is a conflict, but you can always try to change it.
    Just remember the cluster gets a new MAC address.