When the dynamic route changes, sessions are kept on the wrong interface.
We have version 6.4.5 installed on our FWG100F.
I have configured dynamic routing through BGP and use a performance SLA to our DataCenter over two paths (optical fibre and IPsec tunnel).
When the fibre (main) goes down, the secondary route "IPsec tunnel" comes up correctly, but when the main line recovers, the firewall keeps the old sessions going out through the wrong interface (standby) and it does not work correctly.
While researching, I read that this can be solved for NAT connections by enabling "snat-route-change", but in our case the sessions are not NATed, being internal communication. We have tested it and it works, but obviously we cannot use it since it is internal communication and we always need to be able to see the origin of the communications.
Does anyone know what could be going on? I've read that others don't have the same problem with IPsec sessions and performance SLA without NAT.
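The behaviour described in the post (sessions surviving the failover, then staying pinned to the standby path after the primary recovers, and a NAT-only re-evaluation setting not helping un-NATed traffic) can be reproduced in a small model. The following is an added illustration, not code from the post or from FortiOS: it is a toy stateful firewall whose sessions cache their egress interface at creation time. The interface names, addresses and the `snat_route_change` flag are constructed for the example; the model's rule that only NATed sessions are re-evaluated on a route change mirrors what the post reports, not vendor documentation.

```python
# Added illustration (not from the post, not FortiOS code): a minimal model of a
# stateful firewall whose sessions cache their egress interface. It shows why
# established sessions stay on the standby path after the primary path recovers,
# and why a setting that only re-evaluates NATed sessions does not help
# un-NATed (internal) traffic. All names and addresses are constructed.
from dataclasses import dataclass


@dataclass
class Route:
    iface: str
    priority: int            # lower is preferred: primary = 0, backup = 10
    up: bool = True


@dataclass
class Session:
    src: str
    dst: str
    snat: bool               # True if the session is source-NATed
    egress: str              # interface cached when the session was created


class Firewall:
    def __init__(self, routes, snat_route_change=False):
        self.routes = {r.iface: r for r in routes}
        self.snat_route_change = snat_route_change
        self.sessions = {}

    def best_egress(self):
        # Routing decision: the lowest-priority (most preferred) route that is up.
        live = [r for r in self.routes.values() if r.up]
        if not live:
            raise RuntimeError("no usable route")
        return min(live, key=lambda r: r.priority).iface

    def open_session(self, src, dst, snat=False):
        # New flows consult the routing table once and cache the result.
        key = (src, dst)
        if key not in self.sessions:
            self.sessions[key] = Session(src, dst, snat, self.best_egress())
        return self.sessions[key].egress

    def forward(self, src, dst):
        # Established flows use the cached egress; no fresh route lookup.
        return self.sessions[(src, dst)].egress

    def link_event(self, iface, up):
        # Route change: a dead egress forces sessions to move (failover works);
        # a recovered primary only moves sessions the policy re-evaluates.
        self.routes[iface].up = up
        for s in self.sessions.values():
            if not up and s.egress == iface:
                s.egress = self.best_egress()
            elif up and self.snat_route_change and s.snat:
                s.egress = self.best_egress()

    def stale_sessions(self):
        # Sessions whose cached egress disagrees with the current routing decision;
        # this is what an operator would look for after failback.
        best = self.best_egress()
        return [s for s in self.sessions.values() if s.egress != best]

    def flush_stale(self):
        # Remediation in this model: clear stale sessions so endpoints
        # re-establish and pick up the current best route.
        for s in self.stale_stale_guard():
            del self.sessions[(s.src, s.dst)]

    def stale_stale_guard(self):
        # Snapshot so deletion during iteration is safe.
        return list(self.stale_sessions())


def scenario(snat, snat_route_change):
    """Primary 'fibre' fails and recovers; return the egress used at each stage."""
    fw = Firewall([Route("fibre", 0), Route("ipsec", 10)], snat_route_change)
    src, dst = "10.0.0.5", "10.1.0.5"          # constructed internal hosts
    initial = fw.open_session(src, dst, snat=snat)
    fw.link_event("fibre", up=False)
    during_failure = fw.forward(src, dst)
    fw.link_event("fibre", up=True)
    after_recovery = fw.forward(src, dst)
    return initial, during_failure, after_recovery


def stale_count_after_recovery():
    """How many un-NATed sessions are left pinned to the standby path."""
    fw = Firewall([Route("fibre", 0), Route("ipsec", 10)])
    for i in range(3):
        fw.open_session(f"10.0.0.{i}", "10.1.0.5")
    fw.link_event("fibre", up=False)
    fw.link_event("fibre", up=True)
    before = len(fw.stale_sessions())
    fw.flush_stale()
    return before, len(fw.stale_sessions())


if __name__ == "__main__":
    print("no NAT, no snat-route-change:", scenario(False, False))
    print("NAT,    snat-route-change:   ", scenario(True, True))
    print("no NAT, snat-route-change:   ", scenario(False, True))
    print("stale before/after flush:    ", stale_count_after_recovery())
```

Running it shows the un-NATed session ending on `ipsec` after the fibre recovers in both the default and the `snat_route_change` cases, while only the NATed session returns to `fibre`; `stale_sessions()` is the check an operator would want before deciding whether to clear those sessions.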