Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 39 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 10512 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with HA (again)...the HA ports seems to go down randomly

Stefano Sorrentino

Hi Guys,

i have 2 XC 135 with the last firmware update installed on both of them.

The HA connection is made with the QuickHA funktion, in Active-Passive configuration, using a 7.5m straight cable on prot 7 as dedicated HA connection........the HA connection was normally working since two days ago, when i had a problem (i was working from home) i was kicked out from the VPN and the HA config ping from the Primary to the secondary a couple of times.

The day after, back in office, the Auxiliary device was shutted out.....i had to disconnect pysically the firewall from the current and reattach it.

after the restart........using the SSh console, i need to restat it again and the HA was again ok.

After a couple of hours, i had again the ping of the functionality between the Primary and the Auxiliary and the Peer start to be in Fault alarm.

i finished my idea.........i don´t know anymore what to do......here below the logs that i found:

any ideas?

PS (the ha was estabilished using the instruction in this support call https://community.sophos.com/xg-firewall/f/discussions/123582/ha-doesnt-work-in-any-conditions/450470#450470)



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Stefano Sorrentino

    Hello Stefano,

    Please open a case with Support and provide us the Case ID so we can follow-up and investigate along.

    Regards,

  • 0 in reply to Stefano Sorrentino

    Hello Stefano,

    Thank you for the Case ID.

    Could you please submit the output of the applog.log and msync.log in the case!

    Also if possible please send the Access ID in the case 

    Monitor & Analize >> Diagnostics >> Support Access >> ON >> Access Status >> And copy & paste the Access ID 

    Regards,

  • 0 in reply to emmosophos

    Access ID done.....about the logs.....there is a simple way to export or have i to use the ssh? sorry :-)

  • 0 in reply to Stefano Sorrentino

    Hello Stefano,

    Thank you for the Access ID.

    I gathered all the logs and put them in our FTP server, you should be able to see the FTP credentials within the case.

    The only way to export the logs is via SSH.

    I see the Aux device is Faulty, I tried to SSH to see if I could connect, it asked me for the credentials (you might get an email warning) can you share the credentials for Admin via the Ticket, please. We would need to get the logs from the Aux Device.

    Regards,

  • 0 in reply to emmosophos

    Hi Emmanuel done :-D, but i think that the Peer will remain in hang until i restart from the SSH...let me know 

  • 0 in reply to Stefano Sorrentino

    Hello Stefano,

    Thank you, yes I was not able to access. 

    I will ask the engineer that replied to your email today to schedule a session with you, in the meantime if you can bring up HA and connect a console cable to the Aux device, it should help us find what is happening:

    Note: Be sure that the computer in question does not go into Standby or Hibernate while logging.

    Using PuTTY, go to 'Session' - 'Logging.'
    Here, select "All session output', and set the file name to a folder and name for later retrieval.
    Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
    Start the session, and log in to ensure it is all proper.
    Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
    Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

    Regards,

  • 0 in reply to Stefano Sorrentino

    Hey Stefano... Were you able to make any progress on this?  I have a pair of XG330's in HA Active-Active that were just installed.  The Auxiliary device keeps rebooting on the latest firmware as well.

  • 0 in reply to Tyler Berger

    Hello Tyler,

    Thank you for contacting the Sophos Community!

    Please open a case with support and provide me the Case ID.

    Most likely you might be affected by NC-64907, there should be a patch available.

    To confirm if you are affected by this please, gather some console logging from the Aux device.

    Note: Be sure that the computer in question does not go into Standby or Hibernate while logging.

    Using PuTTY, go to 'Session' - 'Logging.'
    Here, select "All session output', and set the file name to a folder and name for later retrieval.
    Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
    Start the session, and log in to ensure it is all proper.
    Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
    Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

    Also provide applog.log, csc.log, syslog.log, msync.log and networkd.log from the Aux device.

    Regards,

  • 0 in reply to emmosophos

    Sorry Guys, i was in Forced Holidays
    i proceed with the Log Grabbing now.....BTW the Peer is in Hang, so basically if i try now to SSH directly on the Peer Device....all the options are in the state "Please try after some times. System is initializing"