VMware Cloud Community
LtKamikaze
Contributor

active passive UTM cluster

Hi all,

I got myself a nice problem.

I have two ESXi 5.5 hosts; each server runs a guest Sophos UTM9, and these are used as gateway/firewall in active/passive mode. Each server has one physical NIC for this LAN traffic, connected to a dvSwitch.

The active/passive setup is working fine: when one goes down the other takes over, and vice versa. But I noticed that one of my ESXi servers had some problems. It had DNS issues and couldn't ping the gateway. I checked all settings and everything turned out to be fine. The strange thing was that after a reboot I could ping the gateway for a minute or two, and after those minutes the gateway became unavailable on one ESXi server. On the other ESXi server there were no problems and the gateway was responding. Checking for differences between the two ESXi servers gave no result; checking the UTM gateway, again nothing to detect.

Then it struck me: after the reboot the second (passive) UTM gateway comes online in 1 or 2 minutes, and at that moment the problems start. The problems are on the ESXi server with the passive UTM.

I suspect that the ESXi server sees the (passive) UTM gateway on the server's internal network card and, instead of sending the traffic over the switch to the ESXi server with the active UTM, keeps the traffic local, resulting in PING and DNS failures.

It seems to me that this is an active/passive problem and I have to tell the ESXi host with the passive gateway to forward the traffic to the other server, for incoming and outgoing traffic. I've been thinking of an LACP configuration, getting the dvSwitch ports of the two physical servers seen as one. But until now I'm not getting the desired result. Can anyone help me get this active/passive gateway cluster working?

LtKamikaze
Contributor

Anyone?

LtKamikaze
Contributor

Got it

The problem was that I had to set the ignore MAC address conflict setting to 0.

For every NIC of the Sophos VM set the following:

ethernet0.ignoreMACAddressConflict = "TRUE"
ethernet1.ignoreMACAddressConflict = "TRUE"
ethernet2.ignoreMACAddressConflict = "TRUE"


This setting can also be set on the Sophos VM:

Options - Advanced - General - Configuration Parameters

ethernet0.ignoreMACAddressConflict = "TRUE"

For details see my post on the Sophos forum: HA Switch config - Sophos User Bulletin Board

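A way to audit a .vmx file for exactly the setting the post describes, as an added Python example that is not from the thread nor from VMware or Sophos; the sample .vmx content and the function names are constructed for the example:

```python
import re

# Constructed sample .vmx fragment (not from the thread): three NICs, only
# ethernet0 already carries ignoreMACAddressConflict = "TRUE".
SAMPLE_VMX = """\
displayName = "sophos-utm-passive"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet0.ignoreMACAddressConflict = "TRUE"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "vmxnet3"
ethernet2.present = "TRUE"
ethernet2.ignoreMACAddressConflict = "FALSE"
"""

# .vmx lines have the shape:  key = "value"
LINE_RE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
FLAG = "ignoreMACAddressConflict"

def parse_vmx(text):
    """Return a dict of key -> value for every well-formed key = "value" line."""
    params = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def audit_nics(text):
    """Map each present ethernetN adapter to True if its MAC-conflict flag is TRUE.
    A missing flag counts as FALSE, which is the state that breaks the HA pair."""
    params = parse_vmx(text)
    result = {}
    for key, value in params.items():
        m = re.match(r"^(ethernet\d+)\.present$", key)
        if m and value.upper() == "TRUE":
            nic = m.group(1)
            result[nic] = params.get(f"{nic}.{FLAG}", "FALSE").upper() == "TRUE"
    return result

def fix_vmx(text):
    """Return the .vmx text with the flag set to TRUE on every present NIC."""
    kept = [l for l in text.splitlines()
            if not (LINE_RE.match(l) and LINE_RE.match(l).group(1).endswith("." + FLAG))]
    for nic in audit_nics(text):
        kept.append(f'{nic}.{FLAG} = "TRUE"')
    return "\n".join(kept) + "\n"
```

Run the audit against a copy of the VM's .vmx; the VM must be powered off for an edited .vmx (or a Configuration Parameters change) to take effect.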