
Ongoing issues with an XG125 - not sure where to go from here

We have a number of XGs deployed, including about a half dozen 125s. Most are running 17.5 MR8, but we have one unit that doesn't want to move past 17.5. 

I've upgraded it to MR6 in the past, had issues, tried MR7, had issues, now am trying MR8, and facing issues. The MR6 issue was due to garner crashing, and the LAN interface not communicating to any inside hosts. Now with MR8, we are seeing that after the upgrade the device runs fine for a period of time, and at some point stops allowing *new* traffic. Any established traffic continues to be allowed, but pinging outside to a "new" host fails. Support has given me various answers as to the cause, and as of now they want to RMA the device or re-image, but have told me not to backup/restore the config.

This is less than ideal at this site, as the firewall rules are somewhat extensive, and we have SSL VPN users that would need to be re-provisioned, as well as lots of custom FQDN hosts etc. I find it hard to accept that the device will run without issues on 17.5, but crashes due to corrupt data on other software versions.

Any thoughts or suggestions? I'm really not looking forward to re-imaging and re-configuring the device from scratch only to have the same issue occur.



  • First of all, how "old" is your backup? How many MR releases did you run, and did you always update your appliance? That is, did you start with V17.0 and keep updating over the years?

    Or is your configuration somehow new? 

    Do you get any information, why the conntrack / firewall is stopping "matching your traffic"? 

  • The configuration is newer than any backups, so going back to an older backup isn't an option. Only feedback I've gotten from support since the first upgrade past 17.5 has been to wipe and reinstall, or promises that I'm facing a bug that is fixed in the next release.

  • Ok, last night performed a backup, wiped the device and reimaged with 17.5. Updated pattern data, and restored the backup. Upgraded to MR8, and a few hours later, back to square one. No hosts behind the device can access the Internet after a few hours. Interestingly port forwards to inside services work, but outbound browsing does not. Tried clientless SSL vpn, but it would not connect to the internal RDP server. From the command line I could clear and re-learn MAC addresses on the inside, but not ping anything.
