Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 16 replies
  • Subscribers 47 subscribers
  • Views 5381 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to update to V18 MR4

Argo

this is a continuation from this thread ;

https://community.sophos.com/xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

My Hardware is as follows;

I have a VMware 6.7 virtual system that is host to current 2 VMs

  • Sophos XG v18 MR3 HA in Active-Passive setup.
  • They VM have 2 x CPU, 6Gb RAM, 60Gb HDD & 3 x NIC (the NIC are VMXnet3 Cards within VMware).

I had installed and setup v18 MR3 in an active-passive ha setup without any issues, and it was configured in less than 10 minutes.

Upgrading to v18 MR4 was another matter.

  1. I tried to upgrade the firmware via the usual place, but was denied stating it was in HA configuration.
  2. disabled HA, and then upgraded both the units.
  3. tried to configure HA, and this is where it just wouldn't identify the other (Passive) unit.

it even got stuck with HA being in an inconsistent state.

on the Active unit the GUI would free on refresh with the following screen

   

when I ran the command 'system HA disable' it stated that it was already disabled.

this is on MR4, and both units were on MR4 before trying to re-connect.

I have the systems still there but have had to rebuild from scratch.

any help or guidance on this would be helpful and may well be for others who come across this.

you said in the previous thread that this is a known bug, I could only see four bugs for HA, and neither seemed to represent the one I am experiencing;

  • NC-62868 [HA] HA - Certificate Sync fails in Aux
  • NC-64269 [HA] IPv6 MAC based rule not working when traffic is load balanced to Auxiliary
  • NC-64907 [HA] The auxiliary appliance crashes when broadcast packet is generated from it
  • NC-61282 [Firewall, HA] Failed to enable HA when a New XG is replaced in place of another XG


This thread was automatically locked due to age.
Parents
  • 0

    You rebuild from scratch - Did you reimagethe appliance (use a new VM) or did you factory reset the appliance? 

    Can you give us details about the exact steps you ran into this problem? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    BTW: Can you confirm, you started the QuickHA Mode and stopped the discovery and this break the HA page? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I can confirm that I started the QuickHA mode, but this action broke the whole HA feature, and this gets backed up with the config, and when restoring the config also does not allow me to stop/disable to HA configuration.

    please note I have only three rules, and not much else as it is a home version.

    as I am now unable to disable HA mode from the GUI or CLI, I will have to rebuild from scratch and not from backup config file.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • 0 in reply to Argo

    We could reproduce this issue and it seems to be related to a invalid QuickHA Mode attempt and stopping / interrupting this process will freeze the HA Page. For references: NC-66978: HA page stuck after enabling Quick HA

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    thanks it's good to know, if you need them I still have the failed vmware images.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

Reply Children
  • 0 in reply to Argo

    , I do believe that the configuration of the QuickHA is borked, I tried to connect the primary to the auxiliary;

    1. The primary was all Configured and ready to go.

    2. the passive router I did nothing to, I reset it to factory defaults, I was then given the option to configure using QuickHA on the initial screens on initial config.

    this just would not work, and I tried a number of times today, it seems that I have to go into interactive mode.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • 0 in reply to Argo

    I assume, the Bug causes the appliance in total to break which will lead to a invalid state after all. 

    If you install two completely new appliances with images, it should work. 

    If you reuse the old images, which already had this issue, it will break all the time. Its a matter of database defect, which causes this issue. 

    __________________________________________________________________________________________________________________

Unfiltered HTML