cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
295
Views
0
Helpful
1
Replies

CSM 411 probe issues

fsebera
Level 4
Level 4

CSM Config below. Configured FTP 4 redundancy. Is there a way 2 tie PRIMARYOUTBOUND SF/VS probes 2 FTPOUT SF/VS so I don't have 2 send additional pings 2 remote side. Current setup requires each new SF/VS pair 2 send pings 2 remote side - Doesn't seem scalable.

R-----R

| |

CSM---CSM

| |

FW FW (Both firewalls are used simultaneously)

| |

CSM---CSM

| |

R-----R

module CSM 4

ft group 2 vlan 167

priority 110

preempt

!

vlan 160 client

ip address 192.168.200.165 255.255.255.240

route x.x.x.x x.x.x.0 gateway 192.168.200.161

route x.x.x.x x.x.x.0 gateway 192.168.200.161

route x.x.x.x x.x.x.0 gateway 192.168.200.161

alias 192.168.200.166 255.255.255.240

!

vlan 161 server

ip address 192.168.200.10 255.255.255.240

alias 192.168.200.12 255.255.255.240

!

probe OUT-SRV-ALIAS icmp

address 192.168.252.65

interval 5

failed 10

!

probe FWOS-[R]-CLIENT icmp

address 192.168.252.51

interval 5

failed 10

!

real B12-GEFW1-DMZ

address 192.168.200.8

inservice

real FW-GEFW1-DMZ

address 192.168.200.9

inservice

!

serverfarm BACKUP-FTPOUT

no nat server

no nat client

predictor hash address source

failaction purge

real name B12-GEFW1-DMZ

inservice

probe OUT-SRV-ALIAS

!

serverfarm BACKUP-OUTBOUND

no nat server

no nat client

predictor hash address source

failaction purge

real name B12-GEFW1-DMZ

inservice

probe OUT-SRV-ALIAS

!

serverfarm FTPOUT

no nat server

no nat client

predictor hash address source

failaction purge

real name B12-GEFW1-DMZ

health probe FWOS-[R]-CLIENT

inservice

real name FW-GEFW1-DMZ

inservice

probe OUT-SRV-ALIAS

!

serverfarm OUTSIDE-TO-NIH

no nat server

no nat client

predictor forward

failaction purge

!

serverfarm PRIMARYOUTBOUND

no nat server

no nat client

predictor hash address source

failaction purge

real name B12-GEFW1-DMZ

health probe FWOS-[R]-CLIENT

inservice

real name FW-GEFW1-DMZ

inservice

probe OUT-SRV-ALIAS

!

serverfarm RETURN-FTP

no nat server

no nat client

predictor forward

failaction purge

!

sticky 20 netmask 255.255.255.255 timeout 300

!

policy HOW-TO-FORWARD

serverfarm PRIMARYOUTBOUND backup BACKUP-OUTBOUND sticky

!

policy FTP

serverfarm FTPOUT backup BACKUP-FTPOUT sticky

!

vserver FTPOUT

virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp

vlan 160

sticky 300 group 20

reverse-sticky 20

replicate csrp sticky

replicate csrp connection

persistent rebalance

slb-policy FTP

inservice

!

vserver NIH-161-VS-A

virtual xxx.xxx.0.0 255.255.0.0 any

vlan 161

serverfarm OUTSIDE-TO-NIH

replicate csrp sticky

replicate csrp connection

persistent rebalance

inservice

!

vserver NIH-TO-OUTSIDE

virtual 0.0.0.0 0.0.0.0 any

vlan 160

replicate csrp sticky

replicate csrp connection

persistent rebalance

slb-policy HOW-TO-FORWARD

inservice

!

vserver RETURN-FTP

virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp

vlan 161

serverfarm RETURN-FTP

replicate csrp sticky

replicate csrp connection

persistent rebalance

inservice

vserver type prot virtual vlan state conns

NIH-161-VS-A SLB any x.x.x.x/16:0 161 OPERAT 27377

NIH-161-VS-B SLB any x.x.x.x/16:0 161 OPERAT 2051

NIH-161-VS-C SLB any x.x.x.x/16:0 161 OPERAT 1986

NIH-161-VS-D SLB any x.x.x.x/18:0 161 OPERAT 108

NIH-TO-OUTSIDE SLB any 0.0.0.0/0:0 160 OPERAT 57919

FTPOUT SLB TCP 0.0.0.0/0:21 160 OPERAT 79

RETURN-FTP SLB TCP 0.0.0.0/0:21 161 OPERAT 0

show mod csm 4 policy

policy: HOW-TO-FORWARD

serverfarm: PRIMARYOUTBOUND

backup serverfarm: BACKUP-OUTBOUND (sticky)

policy: FTP

serverfarm: FTPOUT

backup serverfarm: BACKUP-FTPOUT (sticky)

1 Reply 1

umedryk
Level 5
Level 5

As far as I know, this cannot be done.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: