ha sync issues

Reply
L4 Transporter

ha sync issues

I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this

L4 Transporter

Re: ha sync issues

@reaper @MickBall

What do you guys think?

 

I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this

L7 Applicator

Re: ha sync issues

@jdprovine,

I don't think that 7.1.16 is your issue with this; there certaintly isn't anything recorded as actually needing to update to fix a known issue with HA sync. That being said, with the additional features in 8.0.* and 8.1.* becoming more and more production ready with each passing release (to the point where most installs will have no issue running 8.1.3 in production) I think it's likely a good idea to upgrade to 8.0.* anyways. 

How exactly do you have the HA links connected, is it a direct connection to the peer or is it traversing through a switch. 

L4 Transporter

Re: ha sync issues

@BPry

Yes it is going through a switch, I have discussed with the networking team connecting via a direct fiber connection but so far we have not done it yet. I really think this might be the issue but so far I haven't found  a way to confirm this

Yes I was very disappointed in TAC I gave them all the logs and they gave me the microsoft answer with no explaination why and upgrade to 8 would fix the issue. I have been trying to find a time to upgrade to OS 8 something but I ran out of time and have to wait for the next school break to do it.

Community Manager

Re: ha sync issues

while upgrading to 8.0 is a good idea, haphazardly upgrading may not be the best route (ask for them to confirm which bug number they are intending to fix ;) )

 

See if there are any error counters on the switch, verify if the link speed and duplex settings all match on every interface (if one is static, ensure the other end is also static, if one is auto, make sure the other end is also auto)

 

 


Help the community: Like helpful comments and mark solutions
Reaper out
L4 Transporter

Re: ha sync issues

@reaper

I will try to check the switch. I would love to upgrade to a version of 8 but right now I can't and even if I could I don't see any evidence that is would eliminate my issue.

L7 Applicator

Re: ha sync issues

@jdprovine,

If these are routing through a switch I'm almost willing to bet that your network team will be able to see something that would point to an issue on the interface counters; whether they'll be honest with you is another story ;) 

Out of curiosity what is your HA1 Monitor Hold Time and what is your HA2 Threshold value set to? 

L4 Transporter

Re: ha sync issues

@BPry

HA1 Monitor fail  Hold down Time - 1 minute (auto)

 

HA2 Threshold value set - I think its default is that on the data link section of HA

 

L6 Presenter

Re: ha sync issues

Hi @jdprovine, sorry but cant really offer any better advice than that given by @BPry and @reaper.  We have several HA pairs and was on that version for quite some time and have never seen such failures, our pairs are usually on the same subnet but different parts of the building.... 

 

can you see the HA interfaces from your user LAN/VLAN, Perhaps a constant ping may show some failure somewhere...

 

 

 

 

Highlighted
L2 Linker

Re: ha sync issues

We were experiencing what I believe is the same problem a couple months ago. We upgraded to 7.1.18 and that fixed the problem (after contacting support). I know you mentioned you couldn't upgrade to 8 yet, but I wanted to mention our fix in case you were able to do a smaller upgrade.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!