This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ABF restore on UTM 9.702 failure

Restored config from UTM320 to UTM320 and all the nics are not activating. Never seen this before. ifconfig shows everything including wlan and red..etc. but not a single nic is present. I revified they were all there and could be activated after the initial install. As soon as I restore, the LAN/eth0 lights up and I can ping the IP but can't load webadmin. Reboot from console and every nic goes black. Any ideas?



This thread was automatically locked due to age.
Parents
  • I don’t have an answer at the moment but maybe relevant question. Is the restore done on the same device or another? If another are these devices different reversions of UTM320?

    -

  • Both are rev 5 utm320. What I'm wondering is if it's possible that somehow despite both being rev5 there might but subtle differences in chipset. On the other hand, I have restored configs with dissimilar hardware and only in rare instances have I had issues so I would assume that being both rev 5 even if there is a subtle difference I shouldn't see such a dramatic effect so I'm thinking it is something else I'm simply not thinking of here.

  • To isolate the issue a little better I performed a fresh install on the same unit (let's call it B, backup unit) and walked through the initial config; previously, I was doing the restore during the setup wizard and loosing the nics shortly thereafter so I skipped that step just to ensure there wasn't anything wrong with the unit. I gave it an address on lan to get out and connected my laptop to its local lan and left it there for an hour. Browsing randomly. Everything worked perfectly. With this step I can ascertain that unit B is 100% function and I already know my live unit (let's call it A) is good because, well, it's my live system.

     

    So this means there is something going wrong during the restore. For the record, I also tried the restore after the initial wizard so I can eliminate the wizard as well since the outcome was the same. Since I've done this many many times before I can only assume at this point there is something specific to 702-1 that is making this fail. I may take the time to create an earlier usb stick and restore a matching version to see if that works. The exercises may be futile since I successfully performed exactly that about 5 months ago but at this point I can't think of anything else...

  • Interesting.... I just happen to have multiple abf of the same version of the config so I grabbed a different one and now all is well. Now, this one in particular happens to have different settings since I recently made some changes to how I handle web proxy services - I doubt it has anything to do with the specifics of the config as in one versus another but moreso, that the one abf I was trying to restore is defunct. What's odd is I would think there would be some sanity checks that would take place prior to actually having the system apply a restore function on the abf. I'm just guessing but it would seem quite reckless to not do so.

     

    As a last isolation, I'm going to download a more recent version of my new config and apply it. I'll post back in a bit.

Reply
  • Interesting.... I just happen to have multiple abf of the same version of the config so I grabbed a different one and now all is well. Now, this one in particular happens to have different settings since I recently made some changes to how I handle web proxy services - I doubt it has anything to do with the specifics of the config as in one versus another but moreso, that the one abf I was trying to restore is defunct. What's odd is I would think there would be some sanity checks that would take place prior to actually having the system apply a restore function on the abf. I'm just guessing but it would seem quite reckless to not do so.

     

    As a last isolation, I'm going to download a more recent version of my new config and apply it. I'll post back in a bit.

Children
  • Now I'm locked out again. So clearly, something from the time of the backup that worked till the one that doesn't has changed and is causing some sort of strange conflict OR the system from that point on is generating bad backups!? I'm leaning more towards the latter but that would be very bad and I would think well known quickly!

  • My guess would be that something got broken when the 9.702 Up2Date was applied, so you have to use one before that.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob. That's what I'm thinking too except that the backup that works is an and from 702-1 as well. It's almost like the backup doesn't like something I changed in the config which would imply a bug in abf. I don't know that I'll take the time to isolate all that unless someone knows of a way to diff two and backups?

  • I have drawn the conclusion, within reason, that it isn't possible using the SSI installer to move a drive to another device even if it is identical hardware. Not only does it not work but it appears to brick the setup since moving the drive back to the original system where it was installed no longer works. Thus far, I can bring the lan adapter back up but again no config and dhcp doesn't turn on as it should so it appears all services are off, deliberately. My goal here was to perform an offline install to an SSD and move it to my live system. So not only can I not restore my live config to the new unit I also cannot move the drive over. I would speculate that sophos appears to be moving farther away from its open source roots than I ever imagined...However, where this is a will there is a way.