03-15-2017 02:19 AM
We are thinking of writing a script that checks the parameters that need to be verified before and after a firewall failover.
Can someone please help me with a checklist for this? I am new to firewalls and not sure what we need to check during the failover.
03-16-2017 11:59 AM
Hello @anu neni
I spoke with a TAC representative regarding your question and this was his response:
"I’m not 100% sure what he means by “list of parameters”. We normally use the firewall together with VRRP for redundancy and configure the synchronization to make sure that both firewalls are in-sync.
One can issue the command show vrrp to make sure that both firewall routers are working properly after failover, and show config-sync status to check if the configuration has become out-of-sync."
We hope this helps! If you have any follow-up questions about this, please let us know.
Brocade Community Team
03-20-2017 11:14 AM
At least, you need to verify that the size of the session table and the volume of traffic are about the same before and after the failover, by using "show session-table statistics" and "show interfaces dataplane <interface_name>" for all interfaces and looking at bitrates and packet rates for the last 1, 5, and 15 minutes.
Depending on the size of the session table, you might also want to check all entries and see if there are major differences and if there are any sessions missing whose timeout was not due to expire during the failover.
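Added example, not part of the thread and not Brocade code: a sketch of the before/after comparison described in the last reply, covering rate drift and sessions that disappeared although their timeout outlasted the failover. It assumes the counters and session entries have already been extracted from the CLI output into dictionaries; every metric name, address, threshold and value below is constructed for illustration.

```python
# Compare snapshots taken before and after a failover.
# Assumption: values were already parsed out of the CLI output; the metric
# names, the 20% tolerance and all sample data are constructed.

def rate_drift(before, after, tolerance=0.2):
    """Return {metric: (old, new)} for metrics that moved by more than tolerance."""
    drift = {}
    for name, old in before.items():
        new = after.get(name)
        if new is None:                    # metric vanished after the failover
            drift[name] = (old, None)
            continue
        base = max(abs(old), 1)            # avoid dividing by zero on idle counters
        if abs(new - old) / base > tolerance:
            drift[name] = (old, new)
    return drift

def lost_sessions(before, after, failover_seconds):
    """Sessions present before and absent after whose remaining timeout
    (in seconds) was longer than the failover window, so they did not
    simply age out while the failover was in progress."""
    return sorted(key for key, remaining in before.items()
                  if key not in after and remaining > failover_seconds)

# Constructed sample: session count plus 1-minute bitrates for two interfaces.
BEFORE_STATS = {"session_count": 1000, "ifA:bps_1min": 5_000_000, "ifB:bps_1min": 4_800_000}
AFTER_STATS = {"session_count": 960, "ifA:bps_1min": 4_900_000, "ifB:bps_1min": 1_200_000}

# Constructed sample: (proto, src, sport, dst, dport) -> seconds until timeout.
BEFORE_SESSIONS = {
    ("tcp", "192.0.2.10", 40001, "198.51.100.5", 443): 3600,
    ("tcp", "192.0.2.11", 40002, "198.51.100.5", 22): 1800,
    ("udp", "192.0.2.12", 5353, "198.51.100.9", 53): 5,
}
AFTER_SESSIONS = {("tcp", "192.0.2.10", 40001, "198.51.100.5", 443): 3570}

if __name__ == "__main__":
    for name, (old, new) in rate_drift(BEFORE_STATS, AFTER_STATS).items():
        print(f"DRIFT {name}: {old} -> {new}")
    for session in lost_sessions(BEFORE_SESSIONS, AFTER_SESSIONS, failover_seconds=30):
        print("LOST ", session)
```

The UDP entry is not reported because its 5 seconds of remaining timeout would have expired during the 30-second window regardless of the failover.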