testfailovergroup
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2022 07:13 AM
Hello guys,
Just a quick question, how testfailovergroup command works?
I suspect we have issues with the failover, failover did not work. so I need to troubleshoot the issue.
I was thinking to execute testfailovergroup command but I don't want to have any downtime. is it safe? or it will perform failover once I execute it??
- Labels:
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2022 09:35 AM
First i would advise to understand your environmetn, is this configured HA with CARP (Common Address Redundancy Protocol)?
First check >failoverconfig - see you have group before you doing testfailovergroup
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2022 02:11 AM - edited 02-11-2022 02:24 AM
Hello,
The profile is configured correctly, it works with CARP and I see that my second device is the primary which is expected.
How testfailovergroup command works?
The reason I ask is because when I did a failover two days ago, my network went down. The wsa01 did not undertake the traffic when the wsa02 was down.
On system logs, I saw the following:
Warning: The following update to the interface failed: ifconfig nic1 x.x.x.x delete Reason: ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Warning: the following update to the interface failed: interface carp12 does not exist.
Warning: The following update to the interface failed: route -n add -host localhost -interface lo0 Reason: add host localhost: gateway lo0 fib 0: route already in table
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2022 06:34 AM
Do you have any high level diagram how this connected and network diagram.
what is the version you using ? as per the message, it not taking failover process correctly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2022 02:07 AM
Hello,
Unfortunately, we don't have a network diagram, they are directly connected via the hypervisor as far as I know (I have only access on security appliances, but I will tell to systems to check it to be certain).
The version is 14.0.1-053.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2022 04:53 AM
Anyone??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2022 12:44 AM
I did a test with testfailovergroup, it's just the packets that are transmitted between the proxies. If anyone wants to use it, there is no impact in the production. As for the issue described above, possibly it was something temporary(?), not received any complains about the failover link.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2022 05:22 AM
thanks for the feedback and worked, we close this thread now
