Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG bridge editing causes network to go down

Hello,

I have a bridged interface. Port 1, 4, and 8. VLANs 1, 10. the bridge is in the LAN zone.

VLAN 10 supports nearly all traffic, VLAN 1 exists for a private wifi network that allows guests/vendors to use the internet, but prevents them from accessing any internal business resources. So, all in all, not a very complicated configuration.

All LAN connections are currently flowing through Port 1, Ports 4 and 8 are disconnected.

So here's what happened.
I tried removing Port 8 from the Bridge (I am repurposing it.) After loading for a little bit, an error of some kind popped up. However, I didn't take note of it as my network was now down and i was in damage control mode.

After removing it, my network became unstable. VLAN 1 continued to work, but VLANs 10 had no connection. I couldn't reach the XG from VLAN 10.

So, using VLAN 1 (still over port 1) over the private wifi network, I was able to connect to the XG.

I added Port 8 back into the bridge but the network remained in the same state.

Last, I rebooted the XG and all connections worked again.

Is there any known issues with bridge editing?

Are there best-practices guidelines?

Let me know if you need any other infrastructure details to help me debug.



This thread was automatically locked due to age.
  • So if you reload a bridge, it will restart all interfaces within the bridge. Sometimes switches have issues with this reload. 

    Going back on this topic, its hard to find the root cause - can you try to reproduce it and check, if VLAN10 traffic actually arrived via packet capture?

    __________________________________________________________________________________________________________________

  • I can try reproducing (during downtime on this attempt haha).

    Is there a way to reload interfaces (similar to what occurs during reboot) from the CLI so that i don't have to reboot the whole firewall?


    XGS116 20MR2

  • It highly depend on what happened here. 

    A reboot will reboot of course the interfaces. You could put the interfaces with ifconfig up/down but be careful of not "turning down the interface you are using".

    It is easier to open the config of the particular interface in the webadmin and simply press "save" without changing something. 

    __________________________________________________________________________________________________________________

  • Well i didn't put together a packet capture, but it pretty reliably rebuilds the Bridges wrong and crashes the network. I'm guessing that VLAN 1 works because it's a default management VLAN? not sure. Anyway, I've got a XGS116 (SFOS 20.0.0 GA-Build222) in case someone else wants to troubleshoot.


    XGS116 20MR2