Try configuring "no ip no-implicit-service" on the CSS. Also make sure ICMP from the CSS to the firewalls is not blocked. Reload the CSS after that is configured. After that change, new flows should work. Existing flows may still fail until it timed ou...
I understand you have CSS load balancers behind firewalls in a DMZ. Could you clarify what interface changes the MAC address to the new address of the now active firewall after firewall failover? Are you expecting VIPs failing over too? If firewall ...