Todo #16635
closed
Allow gateway recovery to work for the default failover gateway group when all gateways are offline
100%
Description
When a failover gateway group has no online gateways available, the gateway rule label is omitted. Firewall states at this point will be created by rules which do not have the necessary label for gateway recovery to work. Hence once a gateway comes back online the old states will not be killed by gateway recovery.
Updated by Marcos M 1 day ago
- Description updated (diff)
- Status changed from New to Resolved
- Target version set to 2.9.0
- % Done changed from 0 to 100
- Plus Target Version set to 25.11.1
Implemented with 2b789f267f14285a7c810fd2212df0bcda2300ce.
This can only be fixed for the default failover gateway group and only when a default gateway can be detected. Policy routing rules which use a separate failover gateway group cannot support gateway recovery in this scenario (all gateways in the group are offline). That can be left to a separate redmine; some requirements would be:
- Adjust "Skip rules when gateway is down" option behavior where needed
- Account for pending gateways (i.e. gateways with no available IP address)