
XG Firewall 18.0 GA-Build379 routing table inconsistent after backup restore

fyi...

we've noticed an issue after restoring a backup to freshly re-imaged (18.0 GA-Build379) XG330 appliances.

after restoring the backup, some branches were not reachable, because of missing static routes in the routing table, although they were clearly visible in the GUI. 

We were able to fix the issue by editing each missing route in the GUI and saving it. To force it, we changed the metric from 0 to 1.

unfortunately, this is not the first time we've experienced such problems, where the "GUI" does not reflect the "running-config"...



  • Hi  

    Sorry for the inconvenience caused! Could you please share the output of the given command from the CLI console?

    console > system link_failover show

    Please let us know from which firmware the backup has been taken and restored to 18.0 GA-Build379

  • Keyur

    thank you for your fast response.

    backup was taken before the SQL Attack (19.04.2020) running version V18 GA 339 and was restored to 379.

     

    console> system link_failover show
    Interface Tunnel Protocol Host Port Tunnel-Type

    console>

     

    The static routes point to different routers (l2 "mpls") over Port6 vlan 227, which is not a default gateway path, although there is a default gateway on Port6 but in another vlan. 

    route precedence is set to:
    1. SD-WAN policy routes
    2. VPN routes
    3. Static routes

     

     

    during the backup restore and re-creation of the HA cluster, the firewall changes its MAC address from physical to virtual. it is possible that, in the process, some of the routers were temporarily not reachable because of a bogus ARP entry...

     

    but I guess that's all irrelevant, the XG should always install routes in the tables, even if the gateway is not reachable.

    also what you can't see in the screenshot, because it was taken after the fix.

     

    10.9.0.0        10.***   255.255.248.0   UG    1      0        0 Port6.227   was installed

    192.168.142.0   10.***  255.255.255.0   UG    1      0        0 Port6.227 was not installed.

     

    both point to the same gateway and use the same interface. I'm aware that changing interface parameters afterward can delete routes/ACLs referenced by that interface, but in those cases they usually disappear from the GUI.
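
An added example, not part of the original thread and not Sophos tooling: a Python check for the drift described above, comparing the static routes expected from the configuration with routing-table text in the column layout of the two lines quoted in the post. The gateway addresses and the sample table are constructed placeholders (the post masks the real gateway as 10.***), and how the table text is collected from the appliance is left to the operator.

```python
import ipaddress

# Constructed sample of expected static routes: (destination, netmask, gateway, interface).
# Destinations and interface are the ones quoted in the post; the gateway is a
# placeholder from a documentation range because the post masks it.
EXPECTED = [
    ("10.9.0.0", "255.255.248.0", "192.0.2.1", "Port6.227"),
    ("192.168.142.0", "255.255.255.0", "192.0.2.1", "Port6.227"),
]

# Constructed routing-table text modelling the state before the fix:
# the /21 route is installed, the /24 route is absent.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 Port6.100
10.9.0.0        192.0.2.1       255.255.248.0   UG    1      0        0 Port6.227
"""


def parse_route_table(text):
    """Return the set of (network, gateway, interface) rows found in the table text."""
    installed = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or anything that is not a route row
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
            gateway = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column header row
        installed.add((network, gateway, fields[7]))
    return installed


def missing_routes(expected, table_text):
    """Return expected routes that do not appear in the installed routing table."""
    installed = parse_route_table(table_text)
    missing = []
    for dest, mask, gw, iface in expected:
        key = (ipaddress.ip_network(f"{dest}/{mask}"), ipaddress.ip_address(gw), iface)
        if key not in installed:
            missing.append(key)
    return missing


if __name__ == "__main__":
    for network, gateway, iface in missing_routes(EXPECTED, ROUTE_TABLE):
        print(f"configured but not installed: {network} via {gateway} dev {iface}")
```

Running a comparison like this after every backup restore or HA rebuild flags routes that are configured but not installed before a branch is reported unreachable.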
