[ScreenOS] Can the backup firewall connect to the IC (Infranet Controller)?

  [KB25643]


Summary:
This article describes the issue of being unable to connect the backup firewall to the IC (Infranet Controller). 
Symptoms:
Can the backup firewall be connected to the IC (Infranet Controller)?
Firewall(B)->
Firewall(B)-> get infr con name
INSTANCE HOST Port Interface State (SSL/SSH)
==============================================
IC-VIP 10.10.10.10 11122 redundant2 Connected/Closed
Contact Interval: 10 seconds
Cleanup Infranet state delay: 180 seconds
Timeout Action: Close
SSH has already been enabled and all necessary configurations and certificates have been properly set up.


Cause:
This firewall behavior is by design. The Infranet Controller (IC) should have an active connection established to only the Master firewall.


Solution:
  • The reason for this is that the IC will possibly push down the Authentication table to the Master firewall.

  • The Master firewall is then expected to sync the table to the backup firewall.

  • If both firewalls were connected to the IC, this could result in duplicate authentication entries in the authentication table.

NOTE: If both devices need to connect to the IC, each device should have a manage IP.