Feature #16502

open

Support state killing on gateway recovery for policy-routed traffic from the firewall itself

Added by Marcos M 1 day ago. Updated 1 day ago.

Status: Feedback
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 25.11
Release Notes: Default

Description

The "State Killing on Gateway Recovery" options under System > Advanced > Miscellaneous are an "all or nothing" solution. Notably, none of the options allow for both of the following at the same time:
  • Kill states from the firewall itself for lower-priority gateways
  • Keep states from policy routing user rules that specify a (non-group) gateway which is also part of the default failover gateway group.
For example, consider the following setup:
  • The "State Killing on Gateway Recovery" option is set to "Kill all states for lower-priority gateways".
  • The default failover gateway group is called WANGROUP with gateway members WAN1GW (tier 1) and WAN2GW (tier 2).
  • Both WAN1GW and WAN2GW are online.
  • A user rule policy-routes all traffic to 198.51.100.1 via WAN2GW.
  • A user rule policy-routes all other traffic via WANGROUP.

In this configuration, states for 198.51.100.1 will be reset each time the filter is reloaded (e.g. as part of the scheduled rules cron job). This happens because the states exist for a lower-priority gateway.

Add a new option which allows for state killing on gateway recovery (for traffic from the firewall itself) without unnecessarily also killing states from policy routing user rules.

#1

Updated by Marcos M 1 day ago

  • Status changed from New to In Progress
  • Target version set to 2.9.0
  • Plus Target Version set to 25.11
#2

Updated by Marcos M 1 day ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100