Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-13-2018 05:29 AM
I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this
09-13-2018 06:14 AM
What do you guys think?
I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this
09-13-2018 07:01 AM
I don't think that 7.1.16 is your issue with this; there certaintly isn't anything recorded as actually needing to update to fix a known issue with HA sync. That being said, with the additional features in 8.0.* and 8.1.* becoming more and more production ready with each passing release (to the point where most installs will have no issue running 8.1.3 in production) I think it's likely a good idea to upgrade to 8.0.* anyways.
How exactly do you have the HA links connected, is it a direct connection to the peer or is it traversing through a switch.
09-13-2018 07:07 AM
Yes it is going through a switch, I have discussed with the networking team connecting via a direct fiber connection but so far we have not done it yet. I really think this might be the issue but so far I haven't found a way to confirm this
Yes I was very disappointed in TAC I gave them all the logs and they gave me the microsoft answer with no explaination why and upgrade to 8 would fix the issue. I have been trying to find a time to upgrade to OS 8 something but I ran out of time and have to wait for the next school break to do it.
09-13-2018 07:24 AM
while upgrading to 8.0 is a good idea, haphazardly upgrading may not be the best route (ask for them to confirm which bug number they are intending to fix 😉 )
See if there are any error counters on the switch, verify if the link speed and duplex settings all match on every interface (if one is static, ensure the other end is also static, if one is auto, make sure the other end is also auto)
09-13-2018 08:02 AM
I will try to check the switch. I would love to upgrade to a version of 8 but right now I can't and even if I could I don't see any evidence that is would eliminate my issue.
09-13-2018 08:17 AM
If these are routing through a switch I'm almost willing to bet that your network team will be able to see something that would point to an issue on the interface counters; whether they'll be honest with you is another story 😉
Out of curiosity what is your HA1 Monitor Hold Time and what is your HA2 Threshold value set to?
09-13-2018 08:57 AM
HA1 Monitor fail Hold down Time - 1 minute (auto)
HA2 Threshold value set - I think its default is that on the data link section of HA
09-13-2018 11:42 AM
Hi @jdprovine, sorry but cant really offer any better advice than that given by @BPry and @reaper. We have several HA pairs and was on that version for quite some time and have never seen such failures, our pairs are usually on the same subnet but different parts of the building....
can you see the HA interfaces from your user LAN/VLAN, Perhaps a constant ping may show some failure somewhere...
09-13-2018 12:20 PM
We were experiencing what I believe is the same problem a couple months ago. We upgraded to 7.1.18 and that fixed the problem (after contacting support). I know you mentioned you couldn't upgrade to 8 yet, but I wanted to mention our fix in case you were able to do a smaller upgrade.
09-13-2018 01:43 PM
Good to know, was there a bug that it fixed or something more specific concerning why the upgrade fixed your issue that I could compare with my issue
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
