- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-08-2016 03:34 AM - edited 09-09-2016 08:48 AM
Hi Guys,
Looking to upgrade HA pair active/passive from 6.1.12 to the 7.0.9.
Anything that l should be aware of. I am checking known issues and release notes. Same for the security advisory. But maybe something from your experience (issues that currently reported but will be fixed in the next release)
Thx,
Myky
09-08-2016 07:12 AM
Thx Brad for you input
09-08-2016 07:13 AM
We recently upgraded from 7.0.8 due to issues with the Ldap/UserID failing and locking everyone out of GP Portal. So far so good on 7.0.9 although we are currently looking into an issue where the IPSEC tunnel went down but stills shows up in the gui until you reboot the active unit in the HA Pair.
09-08-2016 07:38 AM
@DensonJHH you may want to run both show vpn ipsec-sa tunnel {name} and show vpn ike-sa gatway {name} and see if they are not being released from there. I've run across an issue on our 3020s that if the tunnel goes 'down' but still shows up on the system the 3020 won't realize that the tunnel has dropped and still show that it's up on the gui.
09-11-2016 05:50 PM
Here is my experience with 7.0.9 on 5060 running vSYS so far.
1. group-mapping shows up as 0 groups. Only solution is to restart the userID process.
2. group-mapping for UserIDs does not refresh after 12 hours (you can see the refresh timer to go up and up). TAC is aware of the problem, the suggestion is to restart the userID process or run debug software trace or core userid to see if it will kick start userID process.
3. After restart the userID process, the userID process is not able to connect to the Agentless userID for ip/user mapping update for about every other time to restart the userID process. The only solution is to restart the userID, if it still does not work, fail over.
At this point, TAC said it is related to GLIBC bug, recommended to upgrade to 7.1.4+. Engineering is not going to backport the GLIBC fixes to 7.0 code.
09-12-2016 07:55 AM
Cheers. So this issue seen when you are running vSYSs. Is that correct?
09-12-2016 08:31 AM
The firewalls that I support run with multiple vsys(es). I don't have another way to compare it.
09-12-2016 08:33 AM - edited 09-15-2016 01:37 PM
Hi. Thanks. This is what l wanted to confirm 🙂
09-22-2016 08:00 AM
yes I did that was supper helpful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!