Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 30 subscribers
  • Views 3339 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED remains disconnected/non-functional after XG update and reboot

Tom Krämer

The RED device remains disconnected or has a connection error which leads to communication from the RED-LAN no longer being possible after an update and reboot of the XG firewall.

In order to reconnect the RED device (make it functional again), the configuration of the RED device must be saved once on the XG (without changes).

This probably causes a reboot on the RED + reconnect.

Is this phenomenon known?

 

Best regards.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi Tom Kramer,

    Thank you for reaching out to the Community! 

    Could you please provide a firewall and RED model number and running firmware version on it? 

    I would also suggest you open a support case for further investigation and send me the case number via PM so that I can help with the followup. 

    Thanks,

  • 0 in reply to FormerMember

    Hello,

     

    - XG 210

    -> Update from SFOS 17.5.12 MR-12 to SFOS 17.5.13 MR-13. However, the problem already existed in update to SFOS 17.5.12 MR-12.

    - RED50

    -> Firmware 2.0.019. Now the appliance has been updated to 3.0.002.

    -----

    We had already used the payed support for our XG in the past. Unfortunately it turned out that it was an absolute waste of working time. Ultimately, after a while, the community provided the solution.

  • 0 in reply to LuCar Toni

    Hello,

    "So you upgrade the firmware of XG, but not the RED Firmware and all your REDs cannot connect until you reload the configuration? " 

    -> I can now only confirm that two-way network communication was no longer possible until we reloaded the configuration. In order for the RED to notice this reload, at least a connection to our XG must have existed.

    Here is our RED-Config

     

  • 0 in reply to Tom Krämer

    Confirm: connection is up but no traffic flowing until config reloads

  • 0 in reply to LHerzog

    So the VLAN is essentially broken, after an update? 

    Do you have multiple VLANs configured and is only RED50 the affected ones? Same for RED15/20? 

    Which Switch Mode do you use? Is it always VLAN Mode on the ports? 

  • 0 in reply to LuCar Toni

    The VLAN is not functional after update and/or after initial creation.

    Last thing was to move a RED50 from a SG to a XG. After everything was set up, no communication was possible until we resaved the VLAN Interfaces on the RED.

    Only RED50 devices have VLANs attached in our environment and so the Port is in VLAN mode.

  • 0 in reply to LuCar Toni

    Hello,

     

    now the update to HW-17.5.14_MR-14-1.SF300-714 is ready.

    Should I pay attention to special things or collect logs to get closer to the problem?


    Best regards
  • 0 in reply to Tom Krämer

    You could do something, as i did not have the time to reproduce this.

     

    The issue could be caused by the RED or the XG. 

    After the update, the Interface and all VLANs should be there. The Interface should be plugged. You can verify both via #ifconfig and #ethtool 

    You can verify via Tcpdump, if the RED is sending the traffic with VLAN tags or not. See: https://access.redhat.com/solutions/2630851

  • 0 in reply to LuCar Toni

    Update+reboot and it happened again. RED-site not reachable

    ifconifg
    -> red1s and red-VLANs-adapter appear but only reds1 has an ipv4 address

    reds1 Link encap:Ethernet HWaddr 00:AE:04:F3:2B:4D
    inet addr:XX.XX.XX.XX Bcast:XX.XX.XX.XX Mask:255.255.255.0
    inet6 addr: fe80::2ae:4ff:fef3:2b4d/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:4200 errors:0 dropped:1 overruns:0 frame:0
    TX packets:1323 errors:0 dropped:84 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:646384 (631.2 KiB) TX bytes:127008 (124.0 KiB)

    reds1.250 Link encap:Ethernet HWaddr 00:AE:04:F3:2B:4D
    inet6 addr: fe80::2ae:4ff:fef3:2b4d/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:105 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:4830 (4.7 KiB) TX bytes:738 (738.0 B)
    ...

     

    Tried to reach a target on RED destination (ping and https)

    XG210_WP03_SFOS 17.5.14 MR-14-1# tcpdump -i reds1 -nn -e vlan
    tcpdump: Starting Packet Dump

    <no packages recorded>

    XG210_WP03_SFOS 17.5.14 MR-14-1# tcpdump -i reds1.250 -nn -e vlan
    tcpdump: WARNING: reds1.250: no IPv4 address assigned
    tcpdump: Starting Packet Dump

    <no packages recorded>

     

    --------------------------------------------------------------------

    After reloading RED config.

    ifconfig
    -> reds1.250 has ipv4 address

    tcpdump recorded a lot of traffic ^^

    Destination target is reachable (tested to a device in red VLAN250 destination).

     

    Best regards

  • 0 in reply to Tom Krämer

    nice troubleshooting:

    Tom Krämer said:

    After reloading RED config.

    ifconfig
    -> reds1.250 has ipv4 address

    Will monitor this when upgrading our boxes next time.

  • 0 in reply to LHerzog

    Which Firmware version do you use on XG and do you have only RED60 with this issue? 

    Tried it with V18.0 MR1 and a RED20, but this work so far after a standard reboot. 

  • 0 in reply to LuCar Toni

    DEV told me, they actually identified this issue. 
    Feel free to open a Case and refer to: NC-63893 to get a reporting on this issue. 

Reply Children