Hello McAfee Community,
I have a question regarding Sidewinders, which I use at work.
We have 2 Sidewinder Firewalls in a cluster, operating in active/standby configuration.
When I browse to the audit logs on our standby unit, it shows evidence of packets passing through this firewall.
Most if not all of these packets are of type "iptraffic" (type is one of the fields when viewing the audit logs, and iptraffic is the value). I should mention that I am accessing the Sidewinder via a GUI interface, using the McAfee Admin Console.
I would like to know:
why is there traffic passing through the standby unit?
and the "iptraffic" classification, what does this mean?
Standby firewalls do not pass any traffic. What you are seeing are IP filter shared sessions from the primary. The standby adds them to its session table so that it can pass the traffic immediately after a failover.