SIP/RTP Traffic Issues in Palo Alto Active-Active vWire Setup Causing MAC Flapping In L3 devices


In a Palo Alto Active-Active vWire setup, traffic entering a port on Device A is not supposed to egress from any port on Device B. The HA3 link is typically used to forward packets from the active-secondary device to the active-primary device for processing and evaluation against security policies. However, in your setup, you are observing that traffic—especially SIP and RTP traffic related to phone connectivity between clients and servers—sometimes enters the primary-active firewall, traverses the HA3 link, and then egresses from the secondary-active firewall. This behavior is causing MAC address flapping on the Layer 3 device connected to both firewalls.

 

To temporarily resolve this issue, I have to manually clear the inbound and outbound phone sessions from the secondary firewall.

 

Can someone help me understand where this issue might be?

 
