ha sync issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

ha sync issues

L4 Transporter

I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this

11 REPLIES 11

L4 Transporter

@reaper @Mick_Ball

What do you guys think?

 

I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this

@jdprovine,

I don't think that 7.1.16 is your issue with this; there certaintly isn't anything recorded as actually needing to update to fix a known issue with HA sync. That being said, with the additional features in 8.0.* and 8.1.* becoming more and more production ready with each passing release (to the point where most installs will have no issue running 8.1.3 in production) I think it's likely a good idea to upgrade to 8.0.* anyways. 

How exactly do you have the HA links connected, is it a direct connection to the peer or is it traversing through a switch. 

@BPry

Yes it is going through a switch, I have discussed with the networking team connecting via a direct fiber connection but so far we have not done it yet. I really think this might be the issue but so far I haven't found  a way to confirm this

Yes I was very disappointed in TAC I gave them all the logs and they gave me the microsoft answer with no explaination why and upgrade to 8 would fix the issue. I have been trying to find a time to upgrade to OS 8 something but I ran out of time and have to wait for the next school break to do it.

while upgrading to 8.0 is a good idea, haphazardly upgrading may not be the best route (ask for them to confirm which bug number they are intending to fix 😉 )

 

See if there are any error counters on the switch, verify if the link speed and duplex settings all match on every interface (if one is static, ensure the other end is also static, if one is auto, make sure the other end is also auto)

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

I will try to check the switch. I would love to upgrade to a version of 8 but right now I can't and even if I could I don't see any evidence that is would eliminate my issue.

@jdprovine,

If these are routing through a switch I'm almost willing to bet that your network team will be able to see something that would point to an issue on the interface counters; whether they'll be honest with you is another story 😉 

Out of curiosity what is your HA1 Monitor Hold Time and what is your HA2 Threshold value set to? 

@BPry

HA1 Monitor fail  Hold down Time - 1 minute (auto)

 

HA2 Threshold value set - I think its default is that on the data link section of HA

 

Hi @jdprovine, sorry but cant really offer any better advice than that given by @BPry and @reaper.  We have several HA pairs and was on that version for quite some time and have never seen such failures, our pairs are usually on the same subnet but different parts of the building.... 

 

can you see the HA interfaces from your user LAN/VLAN, Perhaps a constant ping may show some failure somewhere...

 

 

 

 

L2 Linker

We were experiencing what I believe is the same problem a couple months ago. We upgraded to 7.1.18 and that fixed the problem (after contacting support). I know you mentioned you couldn't upgrade to 8 yet, but I wanted to mention our fix in case you were able to do a smaller upgrade.

@Mick_Ball

Thanks Mick 🙂

@TLineberry

Good to know, was there a bug that it fixed or something more specific concerning why the upgrade fixed your issue that I could compare with my issue

  • 3767 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!