
HA Active-Passive XG310 not working

Hi,

I'm new to configuring HA on the XG310. The two XG310s do not establish HA properly.

On the XG node1 it shows:

Go to System Services > High Availability:

1. The "Serial Number" has a red "Standalone" next to it

2. The "Peer Serial Number" has a red "Faulty" next to it

On the XG node 2 it shows:

Go to System Services > High Availability:

1. The "Serial Number" has a red "Not available" next to it

2. The "Peer Serial Number" has a red "Not available" next to it

Here is the applog.log from XG node1

Oct 29 18:44:21 enableha: enableha called from GUI
Oct 29 18:44:22 enableha: peer Port2 is found down, but going ahead... !!!
Oct 29 18:44:22 ha: fwm:allowha successfully done
Oct 29 18:44:29 ha: handle_stat_change: 0:5 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
Oct 29 18:44:29 ha: handle_stat_change: no state transition required
Oct 29 18:44:30 ha: fwm:enableha successfully done
Oct 29 18:44:30 ha: going to start tracking the devices
Thu Oct 29 18:44:30 +07 2020 ha: trackdevice.sh: start tracking the device done
Oct 29 18:44:31 enableha: enableha on peer done
Oct 29 18:44:34 ha: handle_stat_change: 5:2 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
Oct 29 18:44:34 ha: handle_stat_change: g_ha_hsc=1 is set.
Oct 29 18:44:34 ha: g_ha_transmode=1 [ CONFIG=1 INIT=2 EVENT=0 ]
Oct 29 18:44:34 ha: start tracking the device
Oct 29 18:44:34 ha: fwm:disablearpha successfully done
Oct 29 18:44:34 ha: ctsyncd started
Oct 29 18:44:34 ha: ctsyncd commited
Oct 29 18:44:34 ha: ctsyncd external cache flushed
Oct 29 18:44:34 ha: msync:applyha: stop tracking the monitoring interfaces
Oct 29 18:44:34 ha: msync:applyha: virtual macs are assigned
Oct 29 18:44:34 ha: msync:applyha: going to start tracking the monitoring interfaces
Thu Oct 29 18:44:34 +07 2020 ha: trackdevicewait.sh: device sleeping
Oct 29 18:44:37 ha: Restart DHCP / PPP client on event of enable ha
Oct 29 18:44:38 ha: networkd:dynaiface_client_start called
Oct 29 18:44:38 ha: msync:applyha: network part done
Oct 29 18:44:38 ha: fwm:applyha successfully done
Oct 29 18:44:38 ha: msync:garpha: send_arp 10.10.80.250 00:E0:20:11:0A:2F 10.10.80.255 ff:ff:ff:ff:ff:ff Port1
Oct 29 18:44:38 ha: msync:garpha: send_arp 2xx.xxx.xxx.xxx 00:E0:20:11:08:E8 2xx.xxx.xxx.xxx ff:ff:ff:ff:ff:ff Port2
Oct 29 18:48:20 ha: Booting up in XG310_WP02_SFOS 17.5.13 MR-13
Oct 29 18:48:20 ha: msync: before_start: lspci Port1 Port10 Port11 Port12 Port2 Port3 Port4 Port5 Port6 Port7 Port8 Port9
Oct 29 18:48:20 ha: msync: before_start: Port8 is static interface
Oct 29 18:48:29 ha: handle_stat_change: 0:5 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
Oct 29 18:48:29 ha: handle_stat_change: g_ha_hsc=1 is set.
Oct 29 18:48:29 ha: handle_stat_change: 0:5 done.
Oct 29 18:48:29 ha: handle_stat_change: g_ha_hsc=0 is set.
Oct 29 18:48:33 ha: handle_stat_change: 5:2 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
Oct 29 18:48:33 ha: handle_stat_change: g_ha_hsc=1 is set.
Oct 29 18:48:33 ha: g_ha_transmode=2 [ CONFIG=1 INIT=2 EVENT=0 ]
Oct 29 18:48:33 ha: starting system services
Oct 29 18:48:58 ha: ctsyncd started
Oct 29 18:49:05 disableha: disableha called from CLI
Oct 29 18:49:05 disableha: HA state transition is going on. Please try after a while. !!!
Oct 29 18:49:33 enableha: strongswan ha enabled
Thu Oct 29 18:49:56 +07 2020 ha: poststartupwait.sh: init sleeping
Thu Oct 29 18:50:06 +07 2020 ha: poststartupwait.sh: init sleeping over
Oct 29 18:44:38 ha: msync:garpha: send_arp 10.10.80.250 00:E0:20:11:0A:2F 10.10.80.255 ff:ff:ff:ff:ff:ff Port1
Oct 29 18:44:38 ha: msync:garpha: send_arp 2xx.xxx.xxx.xxx 00:E0:20:11:08:E8 2xx.xxx.xxx.xxx ff:ff:ff:ff:ff:ff Port2
Thu Oct 29 18:50:08 +07 2020 ha: trackdevice.sh: start tracking the device done
Oct 29 18:50:08 ha: mail sent successfully
Oct 29 18:50:08 ha: initcomp: 5:2 done.
Oct 29 18:50:08 ha: initcomp: g_ha_hsc=0 is set.
Thu Oct 29 18:50:08 +07 2020 ha: poststartupwait.sh: init state transition done
Oct 29 19:01:41 disableha: disableha called from CLI

Here is the applog.log from XG node2

Oct 29 18:42:00 enableha: enableha called from PEER
Oct 29 18:42:00 ha: fwm:allowha successfully done
Oct 29 18:42:00 enableha: strongswan ha enabled
Oct 29 18:42:00 enableha: HA is enabled now.
Oct 29 18:53:02 ha: sync_message: failed !!!
Oct 29 18:56:05 ha: msync:manage accessip on Port5 add
Oct 29 18:56:40 ha: msync:manage accessip on Port4 add
Oct 29 18:57:03 ha: msync:manage accessip on Port3 add
Oct 29 18:57:27 ha: sync_message: failed !!!
Oct 29 19:01:54 disableha: disableha called from CLI
Oct 29 19:01:55 ha: msync:disableha: original macs are assigned
Oct 29 19:01:58 ha: msync:disableha: send_arp 10.10.80..251 C8:4F:86:05:32:D0 10.10.80..255 ff:ff:ff:ff:ff:ff Port1
Oct 29 19:01:58 ha: msync:disableha: send_arp C8:4F:86:05:32:D1 255.255.255.255 ff:ff:ff:ff:ff:ff Port2
Oct 29 19:01:58 ha: msync:disableha: send_arp failed for Port2 !!!
Oct 29 19:01:58 ha: msync:disableha: send_arp C8:4F:86:05:32:D2 255.255.255.255 ff:ff:ff:ff:ff:ff Port3
Oct 29 19:01:58 ha: msync:disableha: send_arp failed for Port3 !!!
Oct 29 19:01:58 ha: msync:disableha: send_arp C8:4F:86:05:32:D3 255.255.255.255 ff:ff:ff:ff:ff:ff Port4
Oct 29 19:01:58 ha: msync:disableha: send_arp failed for Port4 !!!
Oct 29 19:01:58 ha: msync:disableha: send_arp C8:4F:86:05:32:D4 255.255.255.255 ff:ff:ff:ff:ff:ff Port5
Oct 29 19:01:58 ha: msync:disableha: send_arp failed for Port5 !!!
Oct 29 19:01:58 ha: msync:disableha: send_arp 10.10.2.42 C8:4F:86:05:32:D7 10.10.2.255 ff:ff:ff:ff:ff:ff Port8
Oct 29 19:01:58 ha: Restart DHCP / PPP client on event of enable ha
Oct 29 19:01:58 ha: networkd:dynaiface_client_start called
Oct 29 19:01:58 ha: msync:disableha: network part done
Oct 29 19:01:58 ha: fwm:disableha successfully done
Oct 29 19:01:58 ha: Mail not configured !!!
Oct 29 19:02:11 disableha: strongswan ha disabled
Oct 29 19:02:11 disableha: disableha done
Oct 29 19:12:36 enableha: enableha called from PEER
Oct 29 19:12:37 ha: fwm:allowha successfully done
Oct 29 19:12:37 enableha: strongswan ha enabled
Oct 29 19:12:37 enableha: HA is enabled now.
Oct 29 19:21:01 disableha: disableha called from GUI
Oct 29 19:21:02 ha: msync:disableha: original macs are assigned
Oct 29 19:21:05 ha: msync:disableha: send_arp 10.10.80..251 C8:4F:86:05:32:D0 10.10.80..255 ff:ff:ff:ff:ff:ff Port1
Oct 29 19:21:05 ha: msync:disableha: send_arp C8:4F:86:05:32:D1 255.255.255.255 ff:ff:ff:ff:ff:ff Port2
Oct 29 19:21:05 ha: msync:disableha: send_arp failed for Port2 !!!
Oct 29 19:21:05 ha: msync:disableha: send_arp C8:4F:86:05:32:D2 255.255.255.255 ff:ff:ff:ff:ff:ff Port3
Oct 29 19:21:05 ha: msync:disableha: send_arp failed for Port3 !!!
Oct 29 19:21:05 ha: msync:disableha: send_arp C8:4F:86:05:32:D3 255.255.255.255 ff:ff:ff:ff:ff:ff Port4
Oct 29 19:21:05 ha: msync:disableha: send_arp failed for Port4 !!!
Oct 29 19:21:05 ha: msync:disableha: send_arp C8:4F:86:05:32:D4 255.255.255.255 ff:ff:ff:ff:ff:ff Port5
Oct 29 19:21:05 ha: msync:disableha: send_arp failed for Port5 !!!
Oct 29 19:21:05 ha: msync:disableha: send_arp 10.10.2.42 C8:4F:86:05:32:D7 10.10.2.255 ff:ff:ff:ff:ff:ff Port8
Oct 29 19:21:05 ha: Restart DHCP / PPP client on event of enable ha
Oct 29 19:21:05 ha: networkd:dynaiface_client_start called
Oct 29 19:21:09 ha: msync:disableha: network part done
Oct 29 19:21:09 ha: fwm:disableha successfully done
Oct 29 19:21:09 ha: Mail not configured !!!
Oct 29 19:21:21 disableha: strongswan ha disabled
Oct 29 19:21:21 disableha: disableha done
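
An added example (not part of the original post, and not Sophos code) that reads applog.log excerpts like the two above, decodes `handle_stat_change` lines using the legend the log itself prints, and collects every line flagged with a trailing `!!!`. It assumes the `a:b` pair means old state : new state, inferred from the 0:5 then 5:2 sequence; the function names are hypothetical.

```python
import re

# Legend as printed in the thread's handle_stat_change lines.
STATES = {0: "NA", 1: "AUX", 2: "STAND", 3: "PRIM", 4: "FAULT", 5: "READY", 6: "GOTO_PRIM"}

TS = r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2})"
# Assumption: "a:b" means old state : new state.
TRANSITION = re.compile(rf"^{TS} ha: handle_stat_change: (?P<old>\d+):(?P<new>\d+) \[")
# The log marks warnings and errors with a trailing "!!!".
ALERT = re.compile(rf"^{TS} (?P<src>\w+): (?P<msg>.*\S)\s*!!!\s*$")

# Lines copied from the node1 and node2 excerpts in the opening post.
NODE1 = """\
Oct 29 18:44:22 enableha: peer Port2 is found down, but going ahead... !!!
Oct 29 18:44:29 ha: handle_stat_change: 0:5 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
Oct 29 18:44:29 ha: handle_stat_change: no state transition required
Thu Oct 29 18:44:30 +07 2020 ha: trackdevice.sh: start tracking the device done
Oct 29 18:44:34 ha: handle_stat_change: 5:2 [ NA=0 AUX=1 STAND=2 PRIM=3 FAULT=4 READY=5 GOTO_PRIM=6 ]
"""
NODE2 = """\
Oct 29 18:42:00 enableha: HA is enabled now.
Oct 29 18:53:02 ha: sync_message: failed !!!
Oct 29 18:57:27 ha: sync_message: failed !!!
"""

def summarize(log_text):
    """Return (transitions, alerts) found in an applog.log excerpt."""
    transitions, alerts = [], []
    for line in log_text.splitlines():
        m = TRANSITION.match(line)
        if m:
            old, new = int(m["old"]), int(m["new"])
            transitions.append((m["ts"], STATES.get(old, f"?{old}"), STATES.get(new, f"?{new}")))
            continue
        m = ALERT.match(line)
        if m:
            alerts.append((m["ts"], m["src"], m["msg"]))
    return transitions, alerts

def final_state(transitions):
    """Last state reached, or None if the node never logged a transition."""
    return transitions[-1][2] if transitions else None

if __name__ == "__main__":
    for name, text in (("node1", NODE1), ("node2", NODE2)):
        transitions, alerts = summarize(text)
        print(name, "final state:", final_state(transitions))
        for ts, old, new in transitions:
            print(f"  {ts} {old} -> {new}")
        for ts, src, msg in alerts:
            print(f"  {ts} ALERT [{src}] {msg}")
```

On these lines node1 ends in STAND, which lines up with the "Standalone" label in its GUI, while node2 logs no state transition at all and only the `sync_message: failed` alerts.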



  • hi,

    sure, both of them are registered on the same Sophos ID. The active device is running under license.

  • Seems like the Sync didn't work. So the Aux disabled HA.

    Which firmware did you use? 

  • I'm using FW 17.5.13 MR13. I am going to upgrade it to 17.5.14 MR14. Is there any way to pre-check that all the services like msync are running?

  • You should check the Msync.log if you find any issues on Prim/Aux between this timeframe. 

    Oct 29 18:57:03 ha: msync:manage accessip on Port3 add
    Oct 29 18:57:27 ha: sync_message: failed !!!

    Because between those 25 sec, there seems to be an issue in the sync.

  • Hi,

    Unfortunately, the msync.log is empty on both devices :( .

  • Hello Hung,

    What is configured on the Slave device at the moment? Only Port1 to access the GUI and the HA port?

    console> system diagnostics show version-info

    What is the output of the above command?

    Regards,

  • Check the ctsync.log and applog.log on both appliances. 

    msync will only be used in case the HA is built up, which is not the case in your issue.

  • Hi Emmanuel,

    Yes, only Port1 and the HA port are accessible.

    console> system diagnostics show version-info <= both appliances are the same except Serial Number and Device-Id.

    I have some queries:

    1. Does the Admin password need to be the same on both appliances? I just want to confirm, since in my virtual lab it did not need to be the same.

    2. Will the connected interfaces be assigned virtual MAC addresses after HA is established?

    3. Is there network downtime while enabling HA?

    4. What will be synced from the Primary appliance, since XG310-Node1 has too much data?

    Regards,

    Hung

     

  • I've just got HA working after it failed the first time.

    I made some changes to the appliances before trying to enable HA for the second time. Here is what I did:

    - Upgraded both appliances to the latest firmware 17.14 MR-14.
    - Factory reset the Aux appliance.
    - Unbound all the interfaces on the Aux appliance, except the HA link port.

    During the HA enable process, I got this event in applog.log. Is it important?
    Nov 04 19:10:22 ha: failure in syncing patterns from primary!!!

    After enabling HA successfully, services like SSL-VPN, IPSec VPN, NAT webs,... were not stable for a while; after a couple of minutes those services were back to normal. Is this transition a normal process?

    Regards,

    Hung