At undetermined intervals (at least 3 times in the last 2 months) an IP will become inaccessible for all clients communicating through the firewall.
The issue was discovered when one of our web applications was experiencing slow load times. We identified that the application was attempting to validate SSL certificates through Digicert's CRL (clr3.digicert.com), which was not accessible, causing the web application to fail.
Other traffic is not affected, and the firewall is able to ping the server using ssh and the GUI diagnostic utility with FQDN and IP. Client machines are able to traceroute to points outside the firewall, but cannot reach the end device.
I have restarted all services accessible via the GUI interface and excluded the IP and FQDN from any policy application, and have created a rule specific for this traffic that can successfully block the traffic, but when set to accept the IP remains unreachable.
If traffic is routed through an alternate gateway bypassing the firewall, the server is accessible; however, a server hosted in the DMZ zone is unable to reach the server with the firewall being its only gateway. The IP is also reachable via the firewall's gateway.
The only resolution is to conduct a full power reboot; the firewall is configured in HA and the issue persists through HA handoff.
Any help in fixing this besides turning it on and off again would be really appreciated.