Jason, thanks for replying. The systems are configured to use the Management network.
We have been in touch with Nimble support and here's the situation. Not sure if this was caused by the upgrade or just by the controller fail-over during the upgrade.
The systems are configured to replication across VPN tunnels and have NAT statements pointing to the management VIP from the outside. For whatever reason after the fail-over instead of the system using the management VIP to transmit the data it started using the active controller IP to transmit the data, thus nullifying our NAT statement and breaking replication.
We've since made the necessary changes to NAT statements on the firewalls to reestablish communications and replication, but this leaves us in a state where in the event of another controller fail-over the system will no longer be able to communicate.
The Nimble engineer is looking into this issue and at this point the only workaround we have is to change the firewall NAT statements. Prior to the upgrades the systems were using the VIP without issue.
I'll update again as I get more information.