Questions to Determine

  • What are the routing tables on Host A and Host B, and which gateway does each use?
  • Do the two firewalls (fw-01 and fw-02) share state, or are they independent stateful firewalls?
  • When Host A initiates a connection to Host B, which firewall does the SYN pass through, and which firewall does the SYN-ACK return through?
  • When Host B initiates a connection to Host A, does the return traffic (from A) traverse the same firewall as the initial SYN?
  • Are the firewall logs on fw-02 showing dropped packets for traffic from Host A destined to Host B?
  • Is there an asymmetric routing condition where outbound and return paths differ?
  • What does the firewall state table show on each firewall for connections between A and B?
  • Are there any policy-based routing rules or ECMP configurations that could cause path asymmetry?
  • Would the problem be resolved by enabling state synchronization between firewalls?
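The state-sharing and path questions above can be checked against a small model. This is an added example, not taken from any firewall's implementation: a toy pair of stateful firewalls showing that a SYN-ACK returning through a firewall that never saw the SYN is dropped unless state is synchronized. Which host uses which firewall is an assumption here (Host B initiates through fw-01, Host A replies through fw-02), as are the class and function names.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    name: str
    states: set = field(default_factory=set)   # flows as (initiator, responder)
    peers: list = field(default_factory=list, repr=False)  # state-sync targets
    drops: list = field(default_factory=list)  # constructed drop-log entries

    def process(self, src, dst, flags):
        """Return True if forwarded, False if dropped for lack of state."""
        if flags == "SYN":  # assumed policy: new connections are allowed
            for fw in [self, *self.peers]:  # create state, sync to peers if any
                fw.states.add((src, dst))
            return True
        if (src, dst) in self.states or (dst, src) in self.states:
            return True
        self.drops.append((src, dst, flags))
        return False

def handshake(fw_out, fw_back, client, server):
    """Walk SYN / SYN-ACK / ACK along the given path; stop at the first drop."""
    path = [(fw_out, client, server, "SYN"),
            (fw_back, server, client, "SYN-ACK"),
            (fw_out, client, server, "ACK")]
    verdicts = []
    for fw, src, dst, flags in path:
        ok = fw.process(src, dst, flags)
        verdicts.append((fw.name, flags, ok))
        if not ok:
            break
    return verdicts

def run(sync, asymmetric):
    """Assumed scenario: Host B initiates via fw-01; Host A replies via fw-02 when asymmetric."""
    fw01, fw02 = Firewall("fw-01"), Firewall("fw-02")
    if sync:
        fw01.peers.append(fw02)
        fw02.peers.append(fw01)
    verdicts = handshake(fw01, fw02 if asymmetric else fw01, "HostB", "HostA")
    return verdicts, fw02.drops

if __name__ == "__main__":
    for sync, asym in [(False, False), (False, True), (True, True)]:
        print(f"sync={sync} asymmetric={asym}:", *run(sync, asym))
```

In the asymmetric, unsynchronized case the only drop entry appears on fw-02 for traffic from Host A to Host B, which is the log pattern the list asks about.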