
question of Gateway Enforcer failover

Updated: 21 May 2010 | 3 comments
noble
This issue has been solved. See solution.

Hi, I have two Gateway Enforcers in failover mode.
Now the eth0 port (internal port) of the standby Enforcer cannot connect to SEPM.
I checked the Enforcer communication log in SEPM; it shows:
    137    1.1.1.255    1.1.1.1    blocked

1.1.1.1 is the IP of the standby Enforcer's external port.

But the standby one can come up and work once the active one is offline.
The status of the standby one is always:
    ONLINE(Standby)
    NO
The version of SNAC and Enforcer is 11.0.4000.
The failover settings are the defaults.


Comments

Vikram Kumar-SAV to SEP, 24 Jul 2009

issue

Maybe I am not getting the issue clearly..

So when the main Enforcer is shut down, the failover activates and acts as the main one..
So when this failover activates, does it connect to SEPM?
If yes, then it is working the way it should..

All the settings are replicated between these two Enforcers once configured, so why should it connect to SEPM once it is in standby mode..

noble, 24 Jul 2009

Thanks for your help.

You are right, the standby one can connect to SEPM when the main Enforcer is down. It changes to "yes" status.

The reason I was confused about the Enforcer status is that the SNAC Agent can connect to some servers through the Gateway Enforcer, but another can be connected. These servers are not in any trusted IP list, and the SNAC agent had passed the local HI check.

Both Gateway Enforcers have the same route added, as follows:
route add 0.0.0.0 netmask 0.0.0.0 gateway x.x.x.x device eth0
Must this static route be added?

Vikram Kumar-SAV to SEP, 24 Jul 2009

STP

It looks like your switch is blocking the port for the second Gateway Enforcer..

Do you have STP (Spanning Tree Protocol) enabled on your switches?

Switches using STP need to have the port connecting to any Gateway Enforcer configured for immediate packet forwarding.
If you are using a Cisco switch, it is called PortFast.

I don't believe a static route is required for failovers..