Thanks. I don't understand last comment. I think this problem is about issue GEN-999 ?
yesterday I had a failover on a 6600. Invalid otp result. I fixed it at the moment with another failover back to the main unit. Failover due to a process: "05/11/2023 10:35:24.656DP Core 14 GAV Processing taking 1 seconds05/11/2023 10:35:26.672Reboot due to DP Core[14] hang05/11/2023 10:35 :26.672Core Trace 14:
causes: Interrupts"
Firmware old but currently stable 6_5_4_7-83n--HFGEN6-1249
@Alberto do you believe that GEN6-999 might affect you? This issue sounds like it's meant for users not already binded their TOTP, but I might be wrong here, never faced this specific one.
TOTP authentication is not supported on a High Availability pair when the same user has different QR code and scratch code on primary/secondary HA firewalls. GEN6-9
If you can reproduce this issue with a simple failover I would raise a ticket for this.
Answers
@Alberto it's preserved, otherwise this would be a disaster everytime the unit switches the TOTP binding would became invalid.
But fair question, we've seen questionable things in the past :)
--Michael@BWC
Thanks. I don't understand last comment. I think this problem is about issue GEN-999 ?
yesterday I had a failover on a 6600. Invalid otp result. I fixed it at the moment with another failover back to the main unit. Failover due to a process: "05/11/2023 10:35:24.656DP Core 14 GAV Processing taking 1 seconds05/11/2023 10:35:26.672Reboot due to DP Core[14] hang05/11/2023 10:35 :26.672Core Trace 14:
causes: Interrupts"
Firmware old but currently stable 6_5_4_7-83n--HFGEN6-1249
@Alberto do you believe that GEN6-999 might affect you? This issue sounds like it's meant for users not already binded their TOTP, but I might be wrong here, never faced this specific one.
TOTP authentication is not supported on a High Availability pair when the same user has different QR code and scratch code on primary/secondary HA firewalls. GEN6-9
If you can reproduce this issue with a simple failover I would raise a ticket for this.
--Michael@BWC