NSA 2600 - Route Disabled After Reboot
I have been having an issue lately with multiple NSA 2600 firewalls on the latest firmware.
Both affected appliances, at different customers, have tunnel interface VPN policies. At one of the sites, the tunnel interface VPN connects two SonicWALLs together. At the other site, the VPN is connected to an Azure VPN gateway.
When either of the affected appliances is rebooted or suffers power loss, the route policy pointed to the tunnel interface remains in a disabled state and traffic won't flow across the VPN. Once I renegotiate the VPN manually, the route becomes enabled and everything works fine. This is requiring manual effort every time an appliance reboots, which is really sub-optimal. I haven't had good luck with support. I even rebuilt one of the appliances from scratch and it did not solve the problem. The state of the setting “Disable route when the interface is disconnected” on the route policy does not have any impact on the behavior.
None of our 6.5 products (NSA 2650, for example) or lower end Gen6 products (TZ500) are facing this problem. In our environment, only the NSA 2600s seem to be affected.
Has anyone else seen this?