Messages

Anyone else noticed that the spinners regargless where they are shown are not all "still" and not "rotating" anymore?
This is very irritating in BE Manager where you get no idea which of the 50 Firewalls is still scanned or already waiting for updates....

My current tunables:

Code Select Expand

sysctl dev.igc.X.fc
dev.igc.X.fc: 0
sysctl hw.igc.eee_setting
hw.igc.eee_setting: 1
sysctl hw.igc.max_interrupt_rate
hw.igc.max_interrupt_rate: 32000
sysctl hw.igc.smart_pwr_down
hw.igc.smart_pwr_down: 0
sysctl net.link.ifqmaxlen
net.link.ifqmaxlen: 2048
sysctl net.inet.tcp.soreceive_stream
net.inet.tcp.soreceive_stream: 1

Thank you very much for sharing this. We will try with this settings as our issues are still ongoing.

You are building a bridging loop. The main reason being that in FreeBSD STP is off by default.

Edit the bridge interface, click on "Show advanced options", add all bridge member interfaces to "STP interfaces".

Thx for this hint.... we had same issue here and this seems to be the resolution....

We believe we have this behavior on a DEC3682. Is there any fix around for this appliance?

Did you ever fix this? Also have issues with DEC3862 here and Nics getting "stalled"....

I would expect that Deciso is aware of the issues with the Intel Nic and the DEC3862 and should provide fix or replacement?

No,  we are still having the issue since upgrading to 24.7.X.   It happens every 2 weeks or so.

Same here but more or less every 3 days.... using Zenarmor... we have a Ticket open with them now.... looks like something with netmap....

Did you ever fix this?

Hi,
what exactly is the problem? You have flooded you network?

Did you ever solve this?

We have a HA-Pair Deciso-Appliance here where Zenarmor is currently being evaluated.
We use CARP VIP with unicast, but this issue exists also when multicast was used.
About 12 VLANs and ZA is configured to protect only few of them and at least one dedicated interface.

Every few days and sometimes multiple times a day the firewalls get into split-brain or at least master stops processing traffic for some endpoints. For example 2 server in a subnet can communicate normal while other in the same subnet can not and are also not reachable per ping.

When we set Zenarmor to bypass everything returns to normal. Anyone had this issue already?

Sorry to bring this up again,
we have the same issue here. State-Sync enabled on master and slave brings "split-brain" after some days. Disable state-sync system is smooth as butter.....

We are using Unicast-VIP but this issue exists even before 24.10_7 with multicast....

Hi,

we have a pair of Deciso-Appliances here running in HA-Setup for about 12 VLANs. All are configured for CARP/VIP in Unicast-Mode and have the configured the IP of the Slave for direct CARP.

However, when we do a traffic capture, we can still see that one last interface continues to send VRRP Announments to 224.0.0.18. This should not happen in Unicast mode right?

Code Select Expand

1 0.000000 192.168.201.3 224.0.0.18 VRRP 70 Announcement (v2)

Did you ever solve this? What you might need is an AS-Prepend on your "secondary", this will force traffic to the master and on failure it will go through slave....

Can we get the "picture" widget back? I actually use this. Seriously ;)

I place the company logo of $customer on the dashboard so I always know which firewall I am working on at the moment.

My thouhts exactly !!!

Me too! Picture Widge is essential....