Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 27 replies
  • Answers 2 answers
  • Subscribers 36 subscribers
  • Views 4448 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA flop on manual firmware upgrade to 19.5

David Moro

Hi everyone,

i've this problem, when i try to upgrade the firmware from 19.0.1 to 19.5.0 manually with signature file on XGS136 the firewall cluster start to flot from 

primary - auxiliary to standalone - fault...

This happens only if one of the monitored interface has a DHCP server configured on the firewall....

Has anyone had the same problem?



This thread was automatically locked due to age.
  • +1 in reply to MarekDalke

    Hello David, Marek,

    There is one suspected area noticed by dev team related to link flapping in XGS appliances.

    Internal ticket is raised (NC-111325) and team is working on it.

    Someone from engineering will contact you to help us verify the fix once it's ready.

    Meanwhile, you can try this workaround for time being (not full proof but can help reduce the probability):

    - Please disable the HA pair and upgrade both the appliances separately to 19.5 and enable HA again.

    - As HA is sensitive to interface up/down event, I suggest to remove "monitoring links" from HA configuration.

    - It will still have possibility of split-brain if dedicated link will up/down randomly. To minimize its probability, I would suggest to increase "keepalive interval" and "keepalive attempts" to MAX value (500ms and 24 respectively).

    Regards,

    Sanket Shah

  • 0 in reply to sanket.shah

    Hello David,

    We had this problem too while updating for a customer. From 6 updates (HA pairs), we had this problem 4 times.

    I want to get updates from your internal ticket, thus I am writing here.

    I have some more updates planned for Sunday. I will let you know how it went. 

    We do not have at ticket at Sophos for the moment. 

  • 0 in reply to Facundo Ferri

    Hello Facundo,

    Could you please share the Case ID with us.

    Regards,

  • 0

    I did have same issue. HA Cluster has been updated properly. But every couple minutes appliances flipping one another. 

    I have disabled HA on active device, it did not resolve issue. I had to power off faulty one. HA Status was showing one of device is faulty. 

    Do you have exact same manufactured year (hardware version) on both devices? 

    In my past experiences: When a major update/update implemented, if device hardware version are not same, this causes problem on HA Environments. 

  • 0 in reply to SplashlightSupport

    Hello there,

    Can you send the Access ID to your device via PM, so we can confirm if this matches the same NC-111325 or if something else might be causing this.

    Did you create a case for this by any chance? if so can you share it. 

    Regards,

  • 0 in reply to emmosophos

    Hi there yes. We have create a case. An support technician is trying to deal with it. This is second time happening to us when we deal major updates. 

  • 0 in reply to SplashlightSupport

    Hello there,

    Can you share the Case ID here or via PM? If you haven't enable the Access ID, please enable it and share it via PM.

    Regards,