Operational Defect Database
BugZero found this defect 482 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000BcG6SAK
Dynamic routes configured on FireCluster do not flush correctly after upgrade to v12.9
Last update date:
1/23/2023
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.9.x
Fixed releases:
v12.9.3
Description:
Issue
In a FireCluster that is set up with dynamic routing, the route table contains routes learned via a dynamic routing protocol. During the FireCluster upgrade process to v12.9, the learned routes are saved. In Fireware v12.9, the routing engine was updated (see the Fireware v12.9 Release Notes). After the FireCluster upgrade to v12.9 completes, there are duplicate routes loaded with different metrics in the routing table. The routing to these networks will fail. For example:10.10.0.0/16 via 192.168.1.1 dev vlan1 proto zebra metric 2010.10.0.0/16 via 192.168.1.1 dev vlan1 proto ospf metric 11010.10.0.0/16 dev bvpn3 proto static scope link metric 200
Workaround/Solution
Completely shut down both cluster members.Boot the cluster members one at a time to bring them back up. This completely flushes and clears the routing table.
