
Passive Firewall No Longer Connects in Admin Console

We're in the process of moving into the IPv6 world. I need to enable v6 on the interfaces of our cluster. We have (2) 4016s firewalls in an Active/Passive cluster.

The other night I tried to enable IPv6 on the "internal" interface, only to be greeted with a message saying that IPv6 cannot be enabled on the heartbeat zone. I then had to change the heartbeat zone from the "Internal" interface to another interface, in this case another much less used interface. When I changed the heartbeat zone, I got a warning message saying that the firewalls would need to reboot to make the changes. I clicked OK only to find that the firewalls never rebooted. It seems, however, that the zone was changed anyway.

After this change, the passive firewall won't connect to the admin console. I checked the CLI via our KVM, and it's just fine. I'm also able to SSH to it. I rebooted the fw through SSH this morning; that made no difference. I can ping the firewall too. It simply won't connect via the admin console. The message in the console reads:

"This firewall is not available due to either an intentional system shutdown or a failed connection attempt. You must reconnect to obtain configuration information from this firewall."

Can someone help me fix this issue? I'm at a loss right now.

Thank you.

5 Replies
Reliable Contributor exbrit
Message 2 of 6

Re: Passive Firewall No Longer Connects in Admin Console

Moved to Enterprise Firewall




Level 14
Message 3 of 6

Re: Passive Firewall No Longer Connects in Admin Console

My suggestion is to call into Support and open a ticket and we can do a remote session to figure this out.

Re: Passive Firewall No Longer Connects in Admin Console

Oh, I would have already, but our license renewal has been held up in the Purchasing dept for far too long.

Scratch that. I just submitted a service request.

Re: Passive Firewall No Longer Connects in Admin Console

I sorted out the cluster issue yesterday (Sunday). Here are the steps necessary to fix the cluster:

1. Remove the Secondary fw from the cluster in the HA window

2. Change Primary fw to Standalone

3. Enable IPv6 on both firewalls' Internal interfaces, configure, save.

4. Enable IPv6 on External interface. I have not yet configured.

5. Run Cluster Wizard on Primary; create cluster, configure IPs, heartbeat zone, etc.

6. Remove all 'alias' IPs from Secondary fw. Only 'primary' IPs should be configured. When joining to an existing cluster, config will copy from Primary to Secondary

7. Run Cluster Wizard on Secondary. Join existing Cluster. Use the Primary's primary Heartbeat Zone IP address.


Now that I have my cluster re-created, and IPv6 enabled, the VPN to our remote location broke. Nothing has been modified with the VPN Definitions and it is still set to use v4, not v6. I'm assuming that enabling IPv6 somehow broke the connection. The remote firewall doesn't have v6 enabled.

Can anyone shed some light on how to go about re-enabling the VPN connection between the two firewalls?


Re: Passive Firewall No Longer Connects in Admin Console

I was able to fix our VPN connection last week. Turns out it was an oversight on my part when the cluster was recreated.

When the cluster was re-created, the Primary and Clustered external IPs were reordered in the list. I learned that this list is hierarchical, so certain connections will grab the 1st IP address in the list. Well, that 1st IP was used for a website, not the VPN. I reordered the IP list, but that still didn't quite fix the VPN.

Next, I went into the VPN properties and manually specified the external IP address that the VPN should use instead of the default "localhost."

So that fixed it. Case closed.
