[seanmac1904]

I had this sic error (on solaris) my issue was that in /etc/rc3.d S99cpboot happened before my S99staticroutes file

therefore my module had not route to mgmt server and loaded the default policy.

I did an fw unloadlocal and pushed a new policy after the routes were added and all was fine ( I aslo changed my staticroutes to S98staticroutes so it happened before the CPboot)

I noticed you said you pushed a policy in the middle of the upgrade, my reading of the NGX upgrade guide said this is a "bad idea" for a zero-downtime cluster upgrade.

this is how I did it (and it went reasonably smoothly)

I needed to add set nautopush=64 to my /etc/system and change my routes file (as above)


here my process

NGX Upgrade Process

1. run cphaconf set_ccp broadcast on all cluster members

2. choose cluster_member1 as the final cluster member (upgrade cluster_member2 first)

3. attach NGX licenses to both firewalls

4. upgrade cluster_member2 using smartupdate

5. issue cphaprob stat on cluster_member1 and verify it is active or active-attention

6. issue command fw ctl setsync off on cluster_member1

7. issue cphastop on cluster_member1at this point Cluster_member2 will take up the load

8. use smartupdate to upgrade cluster_member1

9. reboot cluster_member1

10. run cphaconf set_ccp multicast followed by cphastart on all cluster members


there are a couple of steps you need to do if you dont use smartupdate to do with compiling the policy

hope this is of some help

cheers for now

Sean in Perth