[andrew]

Update:

Came in this morning to talk to CP support. It seemed like my problem with VoIP over VPN was my biggest issue, but as it turns out the ISP Redundancy deal is much larger.

Here is the situation. With R55, we had two external links configured and setup for ISP redundancy in load balancing mode. After upgrading the load balancing stop working. Even worse is the way it stopped working --- Load balancing still wants to use that link but the FW doesn't actually finish sending the traffic. A web user behind our firewall might get their page right away on one click, and then the next click wait 5 or 10 seconds while the FW waits for the send out the backup to time out. The obvious solution would be to disable load balancing while we investigate, except that now there is no ISP Redundancy page on my FW object. So it's broken and can't be disabled or reconfigured.

I called CP and at first they thought it was a licensing issue, maybe NGX didn't give you ISP redundancy and an extra license was required? So we added a full-blown CP demo license to the box and still no ISP Redundancy under topology.

Then they started talking about revert and even ... gasp ... rebuild! That my policy made be corrupt. upgrade_export doesn't run from the shell, fails, however I haven't tried to do it after an fwstop because we're in production. I'll be in to make the donuts again early tomorrow.

Suggestions appreciated.

Andrew