
Loaded MR4 - VPN settings wiped

Howdy,

 

Had an interesting night rebuilding my IPSEC Tunnels and Sophos Connect / L2TP last night.

I decided to add a new WAN connection and remove the old and make the new primary and the old the Backup.

 

Also thought what a great time to do the MR4 update seeing I was there.

So between MR4 and changing WAN ports on the XG450 all of the IPSEC / L2TP and Sophos Connect settings were removed.

Spent the next 2 hours rebuilding them - most of which was spent finding the damn PSKs / Endpoints :-(

 

Any idea why this may have happened?



This thread was automatically locked due to age.
  • Hey  

    My apologies to hear about this inconvenience. For context, I recently upgraded my pair of XG 125's in Active/Active HA to v17.5.4 MR-4 and didn't experience any configuration wipes to my Sophos Connect or IPsec settings. However, it seems like you performed some other actions that I didn't (swapping WAN connections). 

    How exactly did you perform the WAN interface swap?

    Regards,

  • Hey Flo,

     

    I have an XG450 - had the Primary WAN on Port 2. Switched to the Backup WAN (port 3) and deleted the settings for Port 2 - then created a WAN on Port 8 as a backup WAN for failover.

    Once it was all passing traffic I updated to MR4.

     

    Upon reboot all the VPN settings for IPSEC, L2TP and Sophos Connect were gone.

     

    Not sure if it was the WAN change or MR4 or the combination. 

  • Hi M8ey,

    This sounds like you removed your old WAN port (setting it to none for the zone). When you do this, it wipes out all dependent configuration (VPN tunnels that reference this port object/BAP rules that have this port object etc.).

    This would not be an issue with the firmware. 

  • Arghhh that makes sense.

    Sadly I would have thought by removing the WAN port the VPN would just remove the WAN it used - not reset and remove everything.

     

    Another thing to remember for next time.

  • I figured better what you wrote, and I now foresee what could have happened ...

    I never take pleasure with other folks' misery, but, are we allowed to laugh, or at least smile a little bit ?

    Paul Jr 

  • Big_Buck said:
    are we allowed to laugh, or at least smile a little bit ?

     

    Laugh away - I did.... I cannot believe the XG just removes all VPNs due to a WAN port change though.

     

    A trap for noobs :P

  • Noobs ... yes and no.

    On CheckPoint firewall the same cannot happen.  At least, it is far easier to avoid.  You cannot remove something that is used by something else, up until one fixes that relationship.  On those firewalls, we also have a very convenient menu where we can list where all "objects", "groups", etc. are used.  So it is easy to check up on everything when changing rules (firewall rules, NAT rules, etc.) or anything else ...

    Paul Jr

  • It was bad enough I had a 0.0.0.0 / 0.0.0.0 rule set to go to the old WAN port and it was also removed.

     

    Couldn't work out why my VPN would pass no traffic

     

    Added that back in and whammo

     

    The stuff you learn / remember when you do it LOL