This discussion has been locked.

How to roll back firmware?

Hi!


After upgrading to SFOS 17.0.6 MR-6 my IPsec site-to-site VPNs have not been working.

I get

4 Mar 15 2018 00:12:17           Local:89.27.xx.xx:4500 Remote:62.236.xx.xx:4500 Username:62.236.xx.xx IKEv2 Negotiation aborted due to ERROR: Platform errors 

on the other end.

 

On the firmware page I have a yellow dot (warning for something, dunno what!) on the active MR6 image.

The other image is mr5, but when I click the "boot firmware image", I get an error 

"When HA is configured, booting cluster device(s) with the non-active firmware is not allowed"
 
How can I roll back to MR5?
 
 


  • I tried rolling back from 17.1.3 to 17.0.8 on XG HA active - passive virtual cluster. I disabled the HA on the primary before trying to boot 17.0.8. (Not sure if things would have been different if I disabled HA on Aux). This caused the Auxiliary to reboot and come up standalone. My configuration was as follows:

    PortA LAN

    PortB InternetA

    PortC HA

    PortD InternetB

    After reboot the Aux had IPs for just Port A and C.

    On Aux Webadmin page I was stuck with registration options without "Skip" or "make member of HA" and no internet connection. I managed to wangle an internet connection for the Aux and configured manual settings by grabbing the IP from PortD of the Primary and disconnecting PortD on Primary. I was able to put in a serial number and get to the Webadmin of the Aux where firmware rollback or configuration of HA settings was possible. I had done my testing on the Primary and had rolled it back to 17.1.3 so I put the Aux back into the HA cluster.

    Pretty frustrating process just to roll back firmware and consumed most of my day. Other thing to note was when the firmware was rolled back on the Primary it dropped a couple of static routes that had been configured in 17.1.3, one of which was the route back to my remote network, which made it unreachable. I had a jump box on the firewall's LAN network that I used to access the GUI and add the route back. When Primary was later rolled back up the 2 missing static routes were restored to the configuration. I thought this was weird behaviour. I will undertake this process with extreme caution once the firewall is in production and only if absolutely necessary.

    Hope this helps someone else.
