Static route gets ignored

Hi.

I use an XG with 19.5.1 MR-1-Build278 firmware. I have a strange behavior. Today, we can't ping our servers located at a "site to site vpn" branch office.

By now, all I can tell is that the specific static route gets ignored. I see it on the web interface of the XG, but when doing a route -n on the command line of the XG, there is no such route. Removing it and adding it through the web interface does not help.

As you can see, the newly created route to 10.1.22.0 is added, but the route to 10.1.19.0 is missing, even when newly created. When I create a route to a specific host (let's say 10.1.19.65), it gets added.

What is going on here? Any help is welcome.

Best regards,

Christian



  • Update: I restarted the XG device and now the route is created.

  • Hi Christian, good to see the issue is resolved after the reboot; however, the eng team is interested in investigating why it needed a reboot in the first place. Would it be possible to private message me the access details of the device to connect and investigate if any failures are indicated in the logs (or share the log files from /var/zebra.log, /var/staticd.log, /var/csc.log)? -Shrikant

  • Hi Shrikant, 

    Please see Sophos case 06359098 for more detail. 

  • Hi, thanks for sharing the case details. I have reviewed the collected logs, and below is the observation.

    staticd.log

    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.5.3.0/24 failed to install for table: 254
    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.15.0.0/16 failed to install for table: 254
    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.16.0.0/16 failed to install for table: 254
    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.17.0.0/16 failed to install for table: 254
    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.18.0.0/16 failed to install for table: 254
    2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.19.0.0/16 failed to install for table: 254

    As of now, for one such instance, an investigation is ongoing with Dev with NC-114292, and we will review whether your reported issue symptoms are the same or not. Based on that, you will receive further updates from the support team over the case with the next plan details.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Hi, your case has been updated by the GES team and it is confirmed that the issue is related to NC-114292. The fix for this issue ID is taken in SFOS v19.5.3 MR-3.

    For the workaround, you can restart the Zebra service after migrating the device to v19.5.1 MR-1. To restart the Zebra service, please use the below command in the advanced shell.

    "service zebra:restart -ds nosync"

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Hi All, Please find the below general information if anyone is referring to this thread and would like to confirm whether their issue is related to NC-114292 or not.

    If the zebra.log contains a "netlink-dp" msg with an error like below then it confirms the issue is related to NC-114292.

    "netlink-dp` (NS 0) error: Numerical result out of range, type=RTM_NEWROUTE(XX), seq=YYYY, pid=ZZZZZZZZZ"

    If the above error is not present then the issue may require a separate investigation with a support ticket to review the logs and validate it further.

    Note: "failed to install for table: 254" might be present due to the interface being down at the time the static config is applied.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

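The check described in the last post, written as a script to run over exported copies of zebra.log and staticd.log. This is an added example, not part of the thread and not Sophos tooling. The function names, the verdict words, and the sample zebra line (timestamp, type number, seq and pid) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage copies of zebra.log and staticd.log for NC-114292.

# Print one verdict word: NC-114292 | inconclusive | clean
classify_route_failure() {
    zebra_log=$1; staticd_log=$2
    # Signature quoted in the thread: netlink-dp "out of range" on RTM_NEWROUTE.
    sig=$(grep -c 'netlink-dp.*error: Numerical result out of range, type=RTM_NEWROUTE' \
        "$zebra_log" 2>/dev/null) || sig=0
    # On its own this line is not proof: it also appears when an interface
    # was down at the time the static config was applied.
    failed=$(grep -c 'route_notify_owner: Route .* failed to install for table' \
        "$staticd_log" 2>/dev/null) || failed=0
    if [ "${sig:-0}" -gt 0 ]; then echo "NC-114292"
    elif [ "${failed:-0}" -gt 0 ]; then echo "inconclusive"
    else echo "clean"; fi
}

# List the prefixes staticd reported as not installed, one per line.
failed_routes() {
    sed -n 's|.*route_notify_owner: Route \([0-9./]*\) failed to install for table: [0-9]*.*|\1|p' "$1"
}

# Write constructed sample logs into directory $1.
make_sample_logs() {
    cat > "$1/staticd.log" <<'EOF'
2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.5.3.0/24 failed to install for table: 254
2023-03-23T20:46:17Z STATIC: [S4MGP-4WQTA] route_notify_owner: Route 10.15.0.0/16 failed to install for table: 254
EOF
    # Constructed line; field values are placeholders, not from a real device.
    cat > "$1/zebra.log" <<'EOF'
2023-03-23T20:46:17Z ZEBRA: netlink-dp (NS 0) error: Numerical result out of range, type=RTM_NEWROUTE(24), seq=1234, pid=1234567890
EOF
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "verdict: $(classify_route_failure "$demo_dir/zebra.log" "$demo_dir/staticd.log")"
echo "routes not installed:"
failed_routes "$demo_dir/staticd.log"
rm -rf "$demo_dir"
```

An "inconclusive" verdict corresponds to the case the thread sends to a support ticket: staticd reported failures but the netlink-dp error is absent.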