Why does the log server receive NAT session logs from both the active and standby firewalls?


If the log configuration is synchronized to the standby firewall, the standby firewall sends logs to the log server.
You can perform the following steps to negate the log configuration on the standby firewall:
1. Run the undo hrp auto-sync config command to disable the automatic configuration synchronization function.
2. Negate the log server configuration.
3. Run the hrp auto-sync config command to enable the automatic configuration synchronization. This ensures that subsequent configurations can be automatically synchronized to the standby firewall.

Other related questions:
Why are the session tables on the active and standby firewalls different?
Check the status of the heartbeat link. If the heartbeat link fails, the sessions on the active firewall cannot be synchronized to the standby firewall. If the automatic session backup function is disabled, the sessions on the two firewalls are different.
Even when the automatic session backup function is enabled, sessions are not synchronized in real time. A session is synchronized to the standby firewall only after the session aging thread detects it. Therefore, established sessions are synchronized to the standby firewall after a period (about 10 seconds).
The firewalls do not back up sessions of the following types when the automatic session backup function is enabled:
- Sessions to the firewall
- Half-open TCP connections
- Sessions in which the first packets are UDP packets and subsequent packets are not (such as the BitTorrent packets)

Whether the standby firewall on a hot standby network sends session logs
The standby firewall sends session logs only when the firewalls are deployed in load balancing mode. That is, when the standby firewall processes traffic, it sends session logs. If the sessions are backed up on the standby firewall, the standby firewall does not send session logs.

Why are the sessions of the current active firewall marked with remote after active/standby switchover?
The sessions marked with remote are synchronized from the original active firewall. After active/standby switchover, the synchronized sessions are still marked with remote until the sessions age out.

Why are commands executed on the active firewall not synchronized to the standby firewall?
If you disable the automatic configuration synchronization function, the configurations are not synchronized. In addition, not all commands can be synchronized. For example, interface and routing configurations cannot be synchronized. For commands that can be synchronized, see Specifications.

Reason why the firewall displays the FIB timeout log
It is normal for the firewall to display the following information:
  2010-04-08 16:48:35 CS-NGFW-1 FIB timer 385 timeout!
  2010-04-08 16:48:30 CS-NGFW-1 FIB timer 938 timeout!
  2010-04-08 16:48:25 CS-NGFW-1 FIB timer 213 timeout!
  2010-04-07 16:48:35 CS-NGFW-1 FIB timer 837 timeout!
  2010-04-07 16:48:30 CS-NGFW-1 FIB timer 573 timeout!
  2010-04-07 16:48:25 CS-NGFW-1 FIB timer 427 timeout!
  2010-04-06 16:48:35 CS-NGFW-1 FIB timer 791 timeout!
  2010-04-06 16:48:30 CS-NGFW-1 FIB timer 841 timeout!
  2010-04-06 16:48:25 CS-NGFW-1 FIB timer 400 timeout!
This is a normal phenomenon. The firewall updates and displays log information every 24 hours, which ensures that the control and forwarding planes have synchronized routing information.
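When these entries reach a log server, a triage check can confirm that they follow the 24-hour cadence described above before they are filtered as expected noise. The following Python sketch is an added example, not Huawei code; the line format is taken from the entries quoted above, and the function names and the 2-second tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the entries quoted above: "<date> <time> <host> FIB timer <n> timeout!"
LINE_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) FIB timer (\d+) timeout!")

# The nine entries quoted in the answer above.
SAMPLE = """\
2010-04-08 16:48:35 CS-NGFW-1 FIB timer 385 timeout!
2010-04-08 16:48:30 CS-NGFW-1 FIB timer 938 timeout!
2010-04-08 16:48:25 CS-NGFW-1 FIB timer 213 timeout!
2010-04-07 16:48:35 CS-NGFW-1 FIB timer 837 timeout!
2010-04-07 16:48:30 CS-NGFW-1 FIB timer 573 timeout!
2010-04-07 16:48:25 CS-NGFW-1 FIB timer 427 timeout!
2010-04-06 16:48:35 CS-NGFW-1 FIB timer 791 timeout!
2010-04-06 16:48:30 CS-NGFW-1 FIB timer 841 timeout!
2010-04-06 16:48:25 CS-NGFW-1 FIB timer 400 timeout!
"""

def parse(text):
    """Return sorted (timestamp, host) tuples for every FIB timeout entry."""
    return sorted(
        (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2))
        for m in LINE_RE.finditer(text))

def off_schedule(events, period=timedelta(hours=24),
                 tolerance=timedelta(seconds=2)):
    """Return entries with no same-host entry one period earlier or later.

    Entries that recur every 24 hours match the behaviour described above.
    Anything returned here falls outside that cadence. At least two days
    of logs are needed, otherwise every entry is reported.
    """
    by_host = defaultdict(list)
    for ts, host in events:
        by_host[host].append(ts)
    odd = []
    for host, stamps in by_host.items():
        for ts in stamps:
            if not any(abs(abs(o - ts) - period) <= tolerance for o in stamps):
                odd.append((ts, host))
    return sorted(odd)

if __name__ == "__main__":
    print(off_schedule(parse(SAMPLE)))
```

An empty result means every entry has a counterpart 24 hours away on the same device.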
