Technical data

34 Known limitations and considerations in this release
217316-A Rev 00
If all policies are unloaded from a Firewall iSD enabled with HA and SYNC,
the /maint/diag/fw/ldplcy command does not work correctly and
generates a timeout error. (Q01033794)
When using SmartDefense, some FTP commands restricted by the FTP
Security Server feature are still accessible by the user. Examples include:
type, help, pwd, and byte. (Q01025374)
A second Firewall iSD added to a cluster may fail to be deleted from the
cluster, despite a successful boot delete message. If the Firewall iSD is not
deleted from the cluster, it cannot be joined to another cluster. (Q01001182)
The following steps provide an example of this issue on the Passport 8600:
1 Configure NAAP VLAN.
2 Configure cluster 1 (create the firewall, sync VLAN, and management
VLAN for cluster 1).
3 Add Firewall iSDs 1 and 2 to cluster 1, and create the firewall VLAN for
cluster 1.
4 Configure NAAP ENA.
5 On the Passport 8600 iSD, join the 2nd Firewall iSD to a cluster and
configure the VRRP firewall interfaces.
6 Enable HA, CP sync, and push CP policies.
7 Enter the following command from the cluster:
/boot/delete iSD 10.10.1.2
The boot delete appears to be successful.
8 Enter the following command on Firewall iSD 1 to see that the second
Firewall iSD is still in the cluster:
/cfg/sys/cluster/host
At least one interface must be configured before enabling HA. If no interfaces
are configured, the following error message is returned:
[root@a10-10-1-2 root]# <10>Dec 1 12:12:09 a10-10-1-2 vrrpd: CRITICAL: Configuration file open problem...
<10>Dec 1 12:12:19 a10-10-1-2 vrrpd: CRITICAL: Configuration file open problem.
(Q01039776)
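The following is an added example, not part of the release notes or the product: a small parser that decodes the syslog priority prefix on the vrrpd lines above (`<10>` is facility 1, severity 2, which is why the message is tagged CRITICAL) and counts the HA configuration failures per host. The function names and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two vrrpd lines quoted in the note (shell prompt
# included) plus one invented, unrelated line for contrast.
SAMPLE = """\
[root@a10-10-1-2 root]# <10>Dec 1 12:12:09 a10-10-1-2 vrrpd: CRITICAL: Configuration file open problem...
<10>Dec 1 12:12:19 a10-10-1-2 vrrpd: CRITICAL: Configuration file open problem.
<38>Dec 1 12:12:20 a10-10-1-2 sshd: constructed unrelated message
"""

# BSD syslog (RFC 3164) severity names, indexed by numeric severity.
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<tag>[^:\s]+):\s*(?P<msg>.*)"
)

def parse_line(line):
    """Parse one syslog line; return None if it is not in <PRI> format."""
    m = LINE_RE.search(line)  # search() tolerates a shell prompt before <PRI>
    if not m or int(m.group("pri")) > 191:
        return None
    facility, severity = divmod(int(m.group("pri")), 8)  # PRI = facility*8 + severity
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITIES[severity], "timestamp": m.group("ts"),
            "host": m.group("host"), "tag": m.group("tag"), "msg": m.group("msg")}

def ha_config_failures(text):
    """Count vrrpd 'Configuration file open problem' events per host."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if (rec and rec["tag"] == "vrrpd" and rec["severity"] <= 2
                and "Configuration file open problem" in rec["msg"]):
            hits[rec["host"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in ha_config_failures(SAMPLE).items():
        print(f"{host}: {count} vrrpd config-open failures; check that an "
              "interface is configured before HA is enabled")
```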