[SCP] The Distributed Firewall policy configured on HCI cannot be synchronized to SCP
Problem Description
A user reported that the Distributed Firewall policy configured on HCI could not be synchronized to SCP. It could be synchronized normally before, but it suddenly cannot be synchronized normally recently.
Effective troubleshooting steps
- Check that the HCI Cluster status in SCP is normal and the connectivity is correct;
- The test shows that the Distributed Firewall added in SCP can be synchronized to HCI, but the policy configured on HCI cannot be synchronized to SCP.
Root cause
I have checked with my R&D colleagues and found that version 680 no longer supports synchronizing HCI's Distributed Firewall policy to SCP after the SCP SP package is loaded.
The package name is SP_SCP_680-FIX-collection-03 (or 04, and the subsequent 690 version has the same effect)
solution
Versions before 680 can automatically synchronize this policy. Versions after 680 (after loading the SP package) no longer support synchronizing HCI's Distributed Firewall policy to SCP. It is recommended to add a new Distributed Firewall policy in SCP and send it to HCI.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=36&type=1&category_id=19650&isOpen=true