[ScreenOS] Can the backup firewall connect to the IC (Infranet Controller)?

  [KB25643] Show Article Properties

This article describes the issue of being unable to connect the backup firewall to the IC (Infranet Controller). 
Can the backup firewall be connected to the IC (Infranet Controller)?
Firewall(B)-> get infr con name
INSTANCE HOST Port Interface State (SSL/SSH)
IC-VIP 11122 redundant2 Connected/Closed
Contact Interval: 10 seconds
Cleanup Infranet state delay: 180 seconds
Timeout Action: Close
SSH has already been enabled and all necessary configurations and certificates have been properly set up.

This firewall behavior is by design. The Infranet Controller (IC) should have an active connection established to only the Master firewall.

  • The reason for this is that the IC will possibly push down the Authentication table to the Master firewall.

  • The Master firewall is then expected to sync the table to the backup firewall.

  • Both of the firewalls being connected to the IC could cause a situation, in which there are duplicate authentication entries in the authentication table.

NOTE : If in case there is need for both devices connect to IC, each device should have manage IP
Related Links: