SRX

Hi,

I'm trying to configure VRRP for each vlan between SRX240.
They are interconnected in fully-meshed topology through 2 cisco-based (DELL PC 6224) switches.

Interfaces are configured as follows:

root@fw01> show configuration interfaces
ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ DMZ Private Management ];
            }
        }
    }
}
ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ DMZ Private Management ];
            }
        }
    }
}
ge-0/0/15 {
    unit 0 {
        family inet {
            address 192.168.1.241/24 {
                vrrp-group 1 {
                    virtual-address 192.168.1.240;
                    priority 254;
                    accept-data;
                    authentication-type simple;
                    authentication-key "$9$AHBv0RSLX-YgJX7aUjH5T"; ## SECRET-DATA
                }
            }
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 127.0.0.1/32;
        }
    }
}
vlan {
    unit 0 {
        family inet {
            address 202.43.4.252/24 {
                vrrp-group 2 {
                    virtual-address 202.43.4.254;
                    priority 254;
                    accept-data;
                    authentication-type simple;
                    authentication-key "$9$tWUqOEyXxd24ZxNJDikTQ"; ## SECRET-DATA
                }
            }
        }
    }
    unit 1 {
        family inet {
            address 192.168.101.252/24 {
                vrrp-group 3 {
                    virtual-address 192.168.101.254;
                    priority 254;
                    accept-data;
                    authentication-type simple;
                    authentication-key "$9$h20rMXY2ajHm24.5QFAt"; ## SECRET-DATA

                }
            }
        }
    }
    unit 2 {
        family inet {
            address 192.168.102.252/24 {
                vrrp-group 4 {
                    virtual-address 192.168.102.254;
                    priority 254;
                    accept-data;
                    authentication-type simple;
                    authentication-key "$9$mTnCREyM87EcxdbsJZ"; ## SECRET-DATA
                }
            }
        }
    }
}

and the same on second one except of
- private IPs
- priorities (set to 200 for fw2)
- auth-keys hashes (were configured manually using set command)

VRRP in vrrp-group 0 (attached to physical interfaces) works fine - both SRXs identify higher-priority node as master, and only it sends advertisements.

VLAN interfaces (vrrp-group 1,2,3) of SRXs look like do not hear each other.

Sniffing each vlan from hosts in vlans' broadcast domains show that both SRXs send advertisements, and each one designates itself as master.

Sniffing on each firewall doesn't show any VRRPv2 advertisements from another SRX, though ping packets from one firewall to another are captured, so connectivity between SRX is not the case.

Below is the statuses from lower-priority SRX for the cases when:

 

(a) normal connection:
root@fw02> show vrrp
Interface     State       Group   VR state    Timer    Type   Address
ge-0/0/15.0   up              1   backup      D  2.546 lcl    192.168.1.242
                                                       vip    192.168.1.240
                                                       mas    192.168.1.241
vlan.0        up              2   master      A  0.428 lcl    202.43.4.253
                                                       vip    202.43.4.254
vlan.1        up              3   master      A  0.306 lcl    192.168.101.253
                                                       vip    192.168.101.254
vlan.2        up              4   master      A  0.217 lcl    192.168.102.253
                                                       vip    192.168.102.254

(b) ge-0/0/15.0 uplink on higher-priority firewall is plugged out

root@fw02> show vrrp
Interface     State       Group   VR state    Timer    Type   Address
ge-0/0/15.0   up              1   master      A  0.771 lcl    192.168.1.241
                                                       vip    192.168.1.240
vlan.0        up              2   master      A  0.177 lcl    202.43.4.252
                                                       vip    202.43.4.254
vlan.1        up              3   master      A  0.741 lcl    192.168.101.252
                                                       vip    192.168.101.254
vlan.2        up              4   master      A  0.417 lcl    192.168.102.252
                                                       vip    192.168.102.254

 Please let me know if you have any ideas regardsing the above.

Kind regards,
Vladimir

I've also disabled any security restrictions:

root@fw02> show configuration security
screen {
    ids-option untrust-screen {
        icmp {
            ping-death;
        }
        ip {
            source-route-option;
            tear-drop;
        }
        tcp {
            syn-flood {
                alarm-threshold 1024;
                attack-threshold 200;
                source-threshold 1024;
                destination-threshold 2048;
                queue-size 2000; ## Warning: 'queue-size' is deprecated
                timeout 20;
            }
            land;
        }
    }
}
zones {
    security-zone untrust {
        screen untrust-screen;
        interfaces {
            ge-0/0/15.0 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
    security-zone dmz {
        tcp-rst;
        screen untrust-screen;
        interfaces {
            vlan.0 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
    security-zone private {
        tcp-rst;
        screen untrust-screen;
        interfaces {
            vlan.1 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
    security-zone management {
        tcp-rst;
        screen untrust-screen;
        interfaces {
            vlan.2 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
}
policies {
    default-policy {
        permit-all;
    }
}

#vrrp
#SRX240
#vlan

Hi Vladimir,

 

please paste your vlan configuration (show vlans). Did you configure your unit interfaces as l3-interfaces within particular vlans?

 

Regards

Michael Pergament

 

 

Hi Mike,

 

Yes, it is configured as you say.

 

> show configuration vlans
DMZ {
    vlan-id 43;
    l3-interface vlan.0;
}
Management {
    vlan-id 102;
    l3-interface vlan.2;
}
Private {
    vlan-id 101;
    l3-interface vlan.1;
}
 

 

Also status:

> show vlans
Name           Tag     Interfaces
DMZ            43
                       ge-0/0/0.0*, ge-0/0/1.0*
Management     102
                       ge-0/0/0.0*, ge-0/0/1.0*
Private        101
                       ge-0/0/0.0*, ge-0/0/1.0*
default        1
                       None

Hi,

 

I think the problem is that ge-0/0/0 and ge-0/0/1 do not belong to any security zone. In this case all incoming VRRP messages on these interfaces would be dropped.

 

Kind Regards

Michael Pergament

 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Hi Mike,

 

Thanks for your advice, but unfortunately  that wasn't the case.

I've put ge-0/0/0 and ge-0/0/1 into untrust zone (just as for ge-0/0/15) and also allowed native vlan 1 to be trunked through uplinks on switches.

 

But that hadn't changed anything. 😞

 

Looking more into security issues I've added security permissions for protocol together with system-secvices:

 

set security zones security-zone dmz interface vlan.0 host-inbound-traffic protocols vrrp

set security zones security-zone private interface vlan.1 host-inbound-traffic protocols vrrp

set security zones security-zone management interface vlan.2 host-inbound-traffic protocols vrrp

 

That haven't changed the picture either. 😞

 

Interesting thiing I've noticed is when capturing traffic without any filters on vlan interfaces, I can see incoming packets  from peer firewall when listening "vlan" interface:

18:27:12.659253 Out IP 192.168.102.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=200 authtype=simple intvl=1
18:27:12.763955 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:27:12.805107  In IP 192.168.102.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=254 authtype=simple intvl=1
18:27:12.984146  In IP 202.43.4.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=254 authtype=simple intvl=1
18:27:12.999209  In IP 192.168.101.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=3 prio=254 authtype=simple intvl=1
18:27:13.277199 Out IP 192.168.101.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=3 prio=200 authtype=simple intvl=1
18:27:13.524762 Out IP 192.168.102.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=200 authtype=simple intvl=1
18:27:13.702620 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:27:13.706861  In IP 192.168.102.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=254 authtype=simple intvl=1
18:27:13.861806  In IP 192.168.101.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=3 prio=254 authtype=simple intvl=1
18:27:13.884777  In IP 202.43.4.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=254 authtype=simple intvl=1
18:27:14.115387 Out IP 192.168.101.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=3 prio=200 authtype=simple intvl=1
18:27:14.480372 Out IP 192.168.102.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=200 authtype=simple intvl=1
18:27:14.536740 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:27:14.570454  In IP 192.168.102.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=4 prio=254 authtype=simple intvl=1
18:27:14.676964  In IP 192.168.101.252 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=3 prio=254 authtype=simple intvl=1

 but can't if on individual interfaces, eg vlan.0 on fw2 (.253):

18:32:34.540033 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:35.401329 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:36.209647 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:37.188870 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:38.136754 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:39.016387 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:39.835675 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:40.730815 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1
18:32:41.604336 Out IP 202.43.4.253 > vrrp.mcast.net: VRRPv2-advertisement 20: vrid=2 prio=200 authtype=simple intvl=1

though can't interpret this fact.

 

 

Any other ideas?

Hi Vladimir,

 

could you please attach the output of "show vrrp extensive"?

 

Thanks!

Michael Pergament

Hi Mike!

 

root@fw01> show vrrp extensive
Interface: ge-0/0/15.0, Interface index :0, Groups: 1, Active :0

Physical interface: ge-0/0/15, Unit: 0, Address: 192.168.1.241/24
  Index: 73, SNMP ifIndex: 149, VRRP-Traps: disabled
  Interface state: down, Group: 1, State: init
  Priority: 254, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.1.240
  Master router: N/A
  Tracking: disabled

Interface: vlan.0, Interface index :68, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3911
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 0, Address: 202.43.4.252/24
  Index: 68, SNMP ifIndex: 158, VRRP-Traps: disabled
  Interface state: up, Group: 2, State: master
  Priority: 254, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 202.43.4.254
  Advertisement Timer: 0.000s, Master router: 202.43.4.252
  Virtual router uptime: 00:58:58, Master router uptime: 00:58:52
  Virtual Mac: 00:00:5e:00:01:02
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3911
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

Interface: vlan.1, Interface index :69, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3912
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 1, Address: 192.168.101.252/24
  Index: 69, SNMP ifIndex: 159, VRRP-Traps: disabled
  Interface state: up, Group: 3, State: master
  Priority: 254, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.101.254
  Advertisement Timer: 0.322s, Master router: 192.168.101.252
  Virtual router uptime: 00:58:58, Master router uptime: 00:58:52
  Virtual Mac: 00:00:5e:00:01:03
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3912
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

Interface: vlan.2, Interface index :70, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3906
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 2, Address: 192.168.102.252/24
  Index: 70, SNMP ifIndex: 160, VRRP-Traps: disabled
  Interface state: up, Group: 4, State: master
  Priority: 254, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.102.254
  Advertisement Timer: 0.000s, Master router: 192.168.102.252
  Virtual router uptime: 00:58:58, Master router uptime: 00:58:52
  Virtual Mac: 00:00:5e:00:01:04
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3906
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

 

 

root@fw02> show vrrp extensive
Interface: ge-0/0/15.0, Interface index :73, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3854
    Advertisement received                   :0
    Packets received                         :7614
    No group match received                  :7614
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: ge-0/0/15, Unit: 0, Address: 192.168.1.242/24
  Index: 73, SNMP ifIndex: 149, VRRP-Traps: disabled
  Interface state: up, Group: 1, State: master
  Priority: 200, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.1.240
  Advertisement Timer: 0.916s, Master router: 192.168.1.242
  Virtual router uptime: 00:58:07, Master router uptime: 00:58:00
  Virtual Mac: 00:00:5e:00:01:01
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3854
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

Interface: vlan.0, Interface index :68, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3834
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 0, Address: 202.43.4.253/24
  Index: 68, SNMP ifIndex: 161, VRRP-Traps: disabled
  Interface state: up, Group: 2, State: master
  Priority: 200, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 202.43.4.254
  Advertisement Timer: 0.460s, Master router: 202.43.4.253
  Virtual router uptime: 00:57:51, Master router uptime: 00:57:44
  Virtual Mac: 00:00:5e:00:01:02
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3834
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

Interface: vlan.1, Interface index :69, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3836
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 1, Address: 192.168.101.253/24
  Index: 69, SNMP ifIndex: 162, VRRP-Traps: disabled
  Interface state: up, Group: 3, State: master
  Priority: 200, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.101.254
  Advertisement Timer: 0.000s, Master router: 192.168.101.253
  Virtual router uptime: 00:57:51, Master router uptime: 00:57:44
  Virtual Mac: 00:00:5e:00:01:03
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3836
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

Interface: vlan.2, Interface index :70, Groups: 1, Active :1
  Interface VRRP PDU statistics
    Advertisement sent                       :3834
    Advertisement received                   :0
    Packets received                         :0
    No group match received                  :0
  Interface VRRP PDU error statistics
    Invalid IPAH next type received          :0
    Invalid VRRP TTL value received          :0
    Invalid VRRP version received            :0
    Invalid VRRP PDU type received           :0
    Invalid VRRP authentication type received:0
    Invalid VRRP IP count received           :0
    Invalid VRRP checksum received           :0

Physical interface: vlan, Unit: 2, Address: 192.168.102.253/24
  Index: 70, SNMP ifIndex: 163, VRRP-Traps: disabled
  Interface state: up, Group: 4, State: master
  Priority: 200, Advertisement interval: 1, Authentication type: simple
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 192.168.102.254
  Advertisement Timer: 0.817s, Master router: 192.168.102.253
  Virtual router uptime: 00:57:51, Master router uptime: 00:57:44
  Virtual Mac: 00:00:5e:00:01:04
  Tracking: disabled
  Group VRRP PDU statistics
    Advertisement sent                       :3834
    Advertisement received                   :0
  Group VRRP PDU error statistics
    Bad authentication Type received         :0
    Bad password received                    :0
    Bad MD5 digest received                  :0
    Bad advertisement timer received         :0
    Bad VIP count received                   :0
    Bad VIPADDR received                     :0
  Group state transition statistics
    Idle to master transitions               :0
    Idle to backup transitions               :1
    Backup to master transitions             :1
    Master to backup transitions             :0

 

 

 

Please don't pay attention to ge-0/0/15 on fw01 - it is currently unplugged from network, so vrrp failover for group 0 is correct.

 

Thanks  a lot for your help!

Hi,

 

it seems that it is a known issue on SRX. So you have to open a case. Please refer to PR 469838.

 

Kind Regards

Michael Pergament

 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Hi Mike,

 

I have opened a case and will put its resolution details in this thread.

 

Thanks for you advice!

Hi Vladimir

Hi Vladimir,

 

Have you managed to solve this issue ?

 

I am also facing a similiar issue. Can you please guide me for the solution.

 

Regards

 

AB