apooniajjn
commented
1 year ago Hi @mm-col sorry for the delay current supported use-case on NLB would be you need to do source NAT at firewall level. Incoming traffic will hit NLB and then it will go to one of the firewall and use source NAT to reach destination using source being firewall interface IP.
NLB traffic symmetry feature is on the roadmap.
Something isn't correct in the firewall config xml files for ha-active-passive. After committing, the management interfaces are no longer accessible (not suggesting the login fails as it is noted that the password changes, but the the interface is not accessible). Maybe something with switching from DCHP to static IP?
I notice commit never finishes in the gui, which indicates connectivity to the mgmt interface is lost. I just tested by importing the xml and before committing, changing the static mgmt IP to the IP that was previously assigned by DHCP. Commit finishes and I don't lose access to the mgmt interface.