Hi, there.. I deployed a pair of VM-Series (without HA) on a Hub VCN with a NLB as a front, and I'm trying to connect two spoke VCN that are connected to my hub VCN via LPGs. In the routing table of my LPGs I have a route pointing to my NLB. When Spoke1 wants to connect to Spoke2, traffic from Spoke1 goes through the NLB, the NLB sends it to one of the firewalls, and the firewall processes it, and sends it to the destination VCN (Spoke2), and the traffic arrives at the destination. However, the response does not reach the firewall. Apparently it stays in the NLB and is lost. When I bypass the NLB, pointing directly from LPG to my firewall, the traffic completes normally. Did this by any chance happen to you? It appears that the response, the NLB does not know how to send it to the firewall. The NLB is using FIVE-TUPLE. It's only east-west traffic. I'm not adding the DRG yet to my scenario. Thanks!
Hi, there.. I deployed a pair of VM-Series (without HA) on a Hub VCN with a NLB as a front, and I'm trying to connect two spoke VCN that are connected to my hub VCN via LPGs. In the routing table of my LPGs I have a route pointing to my NLB. When Spoke1 wants to connect to Spoke2, traffic from Spoke1 goes through the NLB, the NLB sends it to one of the firewalls, and the firewall processes it, and sends it to the destination VCN (Spoke2), and the traffic arrives at the destination. However, the response does not reach the firewall. Apparently it stays in the NLB and is lost. When I bypass the NLB, pointing directly from LPG to my firewall, the traffic completes normally. Did this by any chance happen to you? It appears that the response, the NLB does not know how to send it to the firewall. The NLB is using FIVE-TUPLE. It's only east-west traffic. I'm not adding the DRG yet to my scenario. Thanks!