Moved to Enterprise Firewall
My suggestion is to call into Support and open a ticket and we can do a remote session to figure this out.
Oh, I would have already, but our license renewal has been held up in the Purchasing dept for far too long.
Scratch that. I just submitted a service request.
I sorted out the cluster issue yesterday (Sunday). Here are the steps necessary to fix the cluster:
1. Remove the Secondary fw from the cluster in the HA window
2. Change Primary fw to Standalone
3. Enable IPv6 on both firewalls' Internal interfaces, configure, save.
4. Enable IPv6 on External interface. I have not yet configured it.
5. Run Cluster Wizard on Primary; create cluster, configure IPs, heartbeat zone, etc.
6. Remove all 'alias' IPs from Secondary fw. Only 'primary' IPs should be configured. When joining to an existing cluster, config will copy from Primary to Secondary.
7. Run Cluster Wizard on Secondary. Join existing Cluster. Use the Primary's primary Heartbeat Zone IP address.
Now that I have my cluster re-created, and IPv6 enabled, the VPN to our remote location broke. Nothing has been modified with the VPN Definitions and it is still set to use v4, not v6. I'm assuming that enabling IPv6 somehow broke the connection. The remote firewall doesn't have v6 enabled.
Can anyone shed some light on how to go about re-enabling the VPN connection between the two firewalls?
I was able to fix our VPN connection last week. Turns out it was an oversight on my part when the cluster was recreated.
When the cluster was re-created, the Primary and Clustered external IPs were reordered in the list. I learned that this list is hierarchical, so certain connections will grab the 1st IP address in the list. Well, that 1st IP was used for a website, not the VPN. I reordered the IP list, but that still didn't quite fix the VPN.
Next, I went into the VPN properties and manually specified the external IP address that the VPN should use instead of the default "localhost."
So that fixed it. Case closed.