12-18-2016 05:10 AM
Dear all
I have a Cisco Email Security Appliance C190 with Version: 9.1.2-036
And I get this warning message:
Error connecting to cluster machine xxxxxxx.xxxxxxxxxx.com (Serial #: XXXXXXXXXXXXXXX) at IP x.x.x.x - Existing connection dropped -
Version: 9.1.2-036
Serial Number: xxxxxxxxxxxxx
Timestamp: 18 Dec 2016 13:33:05 +0200
12-18-2016 12:04 PM
Hello Amira,
Generally, every clustered machine establishes an SSH connection to all other machines in the cluster. Clustered machines ping each other every 2 minutes to verify the connectivity. If a machine does not receive a response from the other end within 2 minutes, it closes the connection and establishes a new one.
If this is a one time alert then the probable cause is most likely some network latency.
You can review the current cluster connectivity via the CLI by using the following commands: clusterconfig --> connstatus. You can also perform telnet tests from one ESA to another via port 22 or 2222 (whichever the cluster is using) to verify current connectivity.
Thanks!
-Dennis M.
12-18-2016 11:21 PM
Hello dmccabej,
Actually they are connected by ping and SSH, and all configuration is made on the cluster simultaneously, but I received this message as a warning in my email.
I have no idea what the cause is.
12-18-2016 11:27 PM
Hello Amira,
do you have a firewall in between the cluster connection, that may drop persistent connections after a given time?
Best regards,
Martin
12-19-2016 02:25 AM
Actually yes, I have a firewall in between, but the connection is working well.
Is there any firewall that can work and stop and work again, as the cluster is working normally?
12-19-2016 06:27 AM
Hello Amira,
Since the cluster members are currently connected successfully, and unless this is alerting often, then I think at this point it's safe to ignore. More than likely a transient network related issue.
If you wish though, you can certainly go down the path of checking the timeouts on the firewall as Martin suggested to help mitigate future errors.
Thanks!
-Dennis M.
12-19-2016 06:32 AM
Hello Amira,
the issue with the firewall may be that it sees SSH connections between the appliances without actual traffic. It may then assume it is a stalled connection and drop it. The ESAs then try to re-establish the SSH connection (which works fine) and send the warning message which you have indicated in your first post.
I'd recommend to review your firewall if it indeed drops connections in case there is no traffic on it for a given time interval. If the given warning message is sent in regular intervals (e.g. 5 or 10 minutes), you could approach your firewall administrator asking if there is a timeout for connections set up on the firewall with the observed interval.
As Dennis already stated, not a point to be concerned as it has no operational impact. However, in order to get rid of the warning messages, I'd recommend to check the firewall here.
Best regards,
Martin
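The interval check suggested in the reply above, as an added example that is not part of the original thread and is not Cisco code: it parses the `Timestamp:` lines of saved alert e-mails and reports whether the warnings arrive at a near-constant interval, which would point at a fixed idle timeout on the firewall. The sample alerts, apart from the first timestamp, are constructed, and the function names and the 10% tolerance are assumptions.

```python
import re
import statistics
from datetime import datetime

# Timestamp line in the format shown in the alert quoted in the first post.
TS_RE = re.compile(
    r"^Timestamp:\s*(\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4})\s*$", re.M)

def alert_times(text):
    """Return sorted, timezone-aware datetimes for every Timestamp: line."""
    return sorted(datetime.strptime(ts, "%d %b %Y %H:%M:%S %z")
                  for ts in TS_RE.findall(text))

def interval_report(times, tolerance=0.1):
    """Summarise the gaps between consecutive alerts.

    'regular' is True when every gap lies within `tolerance` (a fraction)
    of the median gap, the pattern a fixed idle timeout would produce.
    Fewer than three alerts are not enough to judge regularity.
    """
    if len(times) < 3:
        return {"count": len(times), "median_s": None, "regular": False}
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median = statistics.median(gaps)
    regular = median > 0 and all(
        abs(g - median) <= tolerance * median for g in gaps)
    return {"count": len(times), "median_s": median, "regular": regular}

# Constructed sample: only the first timestamp comes from the thread.
REGULAR_SAMPLE = """\
Error connecting to cluster machine ... - Existing connection dropped -
Timestamp: 18 Dec 2016 13:33:05 +0200
Timestamp: 18 Dec 2016 13:43:07 +0200
Timestamp: 18 Dec 2016 13:53:04 +0200
Timestamp: 18 Dec 2016 14:03:06 +0200
"""

# Constructed sample with uneven gaps, as transient network trouble would give.
SPORADIC_SAMPLE = """\
Timestamp: 18 Dec 2016 13:33:05 +0200
Timestamp: 19 Dec 2016 02:10:41 +0200
Timestamp: 19 Dec 2016 02:25:00 +0200
Timestamp: 21 Dec 2016 17:48:12 +0200
"""

if __name__ == "__main__":
    for name, sample in (("regular", REGULAR_SAMPLE), ("sporadic", SPORADIC_SAMPLE)):
        print(name, interval_report(alert_times(sample)))
```

If the report shows a regular interval, the median gap in seconds is the value to compare against the firewall's idle timeout for the cluster port.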