30 4 * * * root /usr/local/bin/ha_daemon -c takeover
30 4 * * * root /usr/local/bin/reboot
ha_utils ssh
Cron jobs are possible. The UTM rebuilds its /etc/crontab from /etc/crontab.* - other forum posts give more details/instructions.
What are the problems that cause the clusters to benefit from a switch over or reboot?
You may laugh, but I think the firewalls start dragging (throughput-wise) after being up for more than 24 hours. I started doing this out of desperation, because I'd come in, in the morning, and people would yell about the Internet dragging. I'd reboot the master, and everything would be good for a while. I spoke to a Sophos tech, and he says it could be related to releasing resources or something like that. I have noticed that the swap space usage creeps up gradually but inexorably the longer these firewalls are up.
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
Alright, I have to chime in here because every time there is a thread like this (I've been searching) William and others jump all over the OP with irrelevant statements about Windows instead of answering the question. This is a perfectly valid need, and one we share for a number of reasons, many of which have to do with the sorry state of MANY things in 9.x that are still broken...
A big one for us is that:
1) by design (for some strange reason) static routes for a particular interface do not get invalidated if that interface goes down, which leads us to
2) using multipath instead of static routes to handle sending certain traffic over certain WAN connections, which would be fine but unfortunately
3) multipath rules, once invalidated due to a failover, never fail back into the desired state even when the failed interface comes back... like ever. Weeks after a failover event (even one that just lasts moments) the multipath rule will still be completely ignored and the traffic will continue to flow over the wrong interface.
Sophos support has been completely useless as far as solutions to this go, so our only option for our hundreds of SGs is to turn to scheduling some kind of periodic reboot so that the multipath rules reset to the way they should be.
Honestly it's completely absurd that this kind of thing can't be done and done easily via SUM.
Did my crontab-static suggestion in the other thread resolve these issues for you, pesos?
Cheers - Bob
Hi Bob! I read that as "cron-tastic" suggestion lol. We were super busy this week coordinating a move of one of our datacenters, so haven't yet had a chance to try that out - but it sounds good and we are hopeful it will do the trick.
Will report back once we have a chance to check it out - thanks again!
Wes