Bug #16868
open
Static route with Alias as destination network doesn't install itself in the routing table under some conditions
0%
Description
Steps to reproduce the issue:
1) HA cluster with a routed IPSec to a remote host. IPSec tunnel source IP is the CARP;
2) Firewall alias type Network with some network in it;
3) routed IPSec assigned as the interface, resulting gateway is set as unmonitored;
4) static route with the destination set as that Firewall alias with type Network, with gateway set as routed IPSec unmonitored gateway;
5) the route is installed into the main node route table correctly;
6) trigger the failover via CARP maintenance mode. Now both nodes do not have this route in the routing table.
7) trigger the failback. Now both nodes still do not have this route in the routing table.
If you re-save that Firewall alias with type Network, the route gets installed into the routing table again.
This issue cannot be reproduced if the static route in question has a network (and not alias) as the destination network.
status outputs after the failover-failback from the test firewalls attached
CARP: 192.168.254.33
Routed IPSec gateway: 10.15.0.1
Firewall alias with type: Network test_alias_dst_route
Static route: to 192.168.33.0/24
Files
No data to display