Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 18046 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG 135 HA 'Unlinked'

TG1

The slave node in one pair of our SG135s regularly shows as Unlinked, even though it's fully cabled up to match the master.  Is there a way to determine why it's in the unlinked state?  Which interface it's (incorrectly) identifying as down?  Any help would be appreciated!

Edit - we're running 9.355-1 if that matters.



This thread was automatically locked due to age.
  • 0

    Hi, T G, and welcome to the UTM Community!

    Is there anything in the high availability log that looks suspicious?

    Cheers-  Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    If you can post screenshot from the dashboard page, that would also be useful.

  • 0 in reply to BAlfson

    The HA logs just show what I assume is a standard health check, they don't specify why it fails.  See below:

    2016:03:02-12:56:39 fw-2 ha_mode[20761]: calling check

    2016:03:02-12:56:39 fw-2 ha_mode[20761]: check: waiting for last ha_mode done
    2016:03:02-12:56:39 fw-2 ha_mode[20761]: check_ha() role=SLAVE, status=UNLINKED
    2016:03:02-12:56:39 fw-2 ha_mode[20761]: check done (started at 12:56:39)
    2016:03:02-13:16:38 fw-1 ha_daemon[3943]: id="38A0" severity="info" sys="System" sub="ha" seq="M: 643 38.522" name="Executing (wait) /usr/local/bin/confd-setha mode master master_ip 198.19.250.1 slave_ip 198.19.250.2"
    2016:03:02-13:16:38 fw-1 ha_daemon[3943]: id="38A0" severity="info" sys="System" sub="ha" seq="M: 644 38.744" name="Executing (nowait) /etc/init.d/ha_mode check"
    2016:03:02-13:16:38 fw-1 ha_mode[31863]: calling check
    2016:03:02-13:16:38 fw-1 ha_mode[31863]: check: waiting for last ha_mode done
    2016:03:02-13:16:38 fw-1 ha_mode[31863]: check_ha() role=MASTER, status=ACTIVE
    2016:03:02-13:16:38 fw-1 ha_mode[31863]: check done (started at 13:16:38)

  • 0 in reply to vilic

    The dashboard has all kinds of serial numbers and stuff on it, I'd rather not post it.  What info from the DB can I provide that'd be relevant?

  • 0 in reply to TG1

    Just hide the proprietary information.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Alright, pardon my poor MSpaint censoring.  Here's the dashboard:

  • 0 in reply to TG1

    Looking at your dashboard, all I can say is that it looks perfect (at the time when screenshot was made).

    1. How did you connect eth3 interfaces, directly with crossover cable or via switch device ?
    2. How often do you see "status=UNLINKED" message in HA log file ?

  • 0 in reply to vilic

    1) The HA ports (eth3) are directly connected, no intermediary devices.

     2) Every couple of minutes the slave reports 'Unlinked' in the HA log,  No details, just status messages like this:

    2016:03:07-11:33:25 fw-2 ha_mode[21110]: calling check

    2016:03:07-11:33:25 fw-2 ha_mode[21110]: check: waiting for last ha_mode done
    2016:03:07-11:33:25 fw-2 ha_mode[21110]: check_ha() role=SLAVE, status=UNLINKED
    2016:03:07-11:33:25 fw-2 ha_mode[21110]: check done (started at 11:33:25)
  • 0

    Hello,

     

    There is a KB article by Sophos I followed it and fixed my UNLINKED issue https://community.sophos.com/kb/en-us/126826 

Unfiltered HTML