CloudGuard Network Security(IaaS) for Azure - Standby cluster member cannot access the Internet

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk175108
Technical Level
Product	CloudGuard Network for AWS, CloudGuard Network for Azure
Version	R80.40, R81
OS	Gaia
Platform / Model	AWS, Azure
Date Created	19-Aug-2021
Last Modified	14-Oct-2021

Symptoms

Azure test script fails.

$FWDIR/log/azure_had.elg (or aws_had.elg) contains the following:

    cphaconf = json.loads(subprocess.check_output(['cphaconf', 'aws_mode']))

  File "/opt/CPsuite-R81.10/fw1/Python/lib/python3.7/json/init.py", line 348, in loads

    return _default_decoder.decode(s)

  File "/opt/CPsuite-R81.10/fw1/Python/lib/python3.7/json/decoder.py", line 337, in decode

    obj, end = self.raw_decode(s, idx=_w(s, 0).end())

  File "/opt/CPsuite-R81.10/fw1/Python/lib/python3.7/json/decoder.py", line 355, in raw_decode

    raise JSONDecodeError("Expecting value", s, err.value) from None

json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

When running on the Active member # fw ctl zdebug + drop the following is seen from the Standby:

 @;1267753;[cpu_2];[fw4_2];fw_log_drop_ex: Packet proto=6 10.53.10.192:40900 -> 169.254.169.254:80 dropped by fw_send_impl Reason: fw_send_ex failed;

Cause

Standby cluster member is hidden behind the VIP when it should leave through the member IP.

Solution

Note: To view this solution you need to Sign In .