I am have trouble with intermittent synch failures between my primary and passive firewalls. I am currently at OS7.1.16 and TAC told me that to fix my sync issues I need to upgrade to 8, Any thoughts on this
I don't think that 7.1.16 is your issue with this; there certaintly isn't anything recorded as actually needing to update to fix a known issue with HA sync. That being said, with the additional features in 8.0.* and 8.1.* becoming more and more production ready with each passing release (to the point where most installs will have no issue running 8.1.3 in production) I think it's likely a good idea to upgrade to 8.0.* anyways.
How exactly do you have the HA links connected, is it a direct connection to the peer or is it traversing through a switch.
Yes it is going through a switch, I have discussed with the networking team connecting via a direct fiber connection but so far we have not done it yet. I really think this might be the issue but so far I haven't found a way to confirm this
Yes I was very disappointed in TAC I gave them all the logs and they gave me the microsoft answer with no explaination why and upgrade to 8 would fix the issue. I have been trying to find a time to upgrade to OS 8 something but I ran out of time and have to wait for the next school break to do it.
while upgrading to 8.0 is a good idea, haphazardly upgrading may not be the best route (ask for them to confirm which bug number they are intending to fix ;) )
See if there are any error counters on the switch, verify if the link speed and duplex settings all match on every interface (if one is static, ensure the other end is also static, if one is auto, make sure the other end is also auto)
I will try to check the switch. I would love to upgrade to a version of 8 but right now I can't and even if I could I don't see any evidence that is would eliminate my issue.
If these are routing through a switch I'm almost willing to bet that your network team will be able to see something that would point to an issue on the interface counters; whether they'll be honest with you is another story ;)
Out of curiosity what is your HA1 Monitor Hold Time and what is your HA2 Threshold value set to?
Hi @jdprovine, sorry but cant really offer any better advice than that given by @BPry and @reaper. We have several HA pairs and was on that version for quite some time and have never seen such failures, our pairs are usually on the same subnet but different parts of the building....
can you see the HA interfaces from your user LAN/VLAN, Perhaps a constant ping may show some failure somewhere...
We were experiencing what I believe is the same problem a couple months ago. We upgraded to 7.1.18 and that fixed the problem (after contacting support). I know you mentioned you couldn't upgrade to 8 yet, but I wanted to mention our fix in case you were able to do a smaller upgrade.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!