download policy

[maurox]

Hi all,
I don't understand why the VPN-1 edge appliances lose the policy ( downloaded previusly from the smartcenter / not the local policy ) when the smartcenter is unavailable ( this may happen for example during the upgrade of the smartcenter)....
I think this happen after some download failed ...but I'm not sure ...
does anyone note these problems ?
Regards,
Maurox

[kva.kva]

Why do you think that your Edge lose policy?
What status Internet and Service Center connections do you have?
Which Security Level on Security - Firewall page?

[maurox]

I think this because during the upgrade we lost the VPN connectivity .
All the Vpn1-edge have the High level of security .
Now the appliance are working so the status is connected ....
Maurox

[kva.kva]

Check logs (SmartView Tracker's VPN section, Edge's Event Log). Do you see error's on it?

[chillyjim]

what version of the firmware are you running?

[maurox]

The problems were on all Vpn-1 edge appliances ( some of them had the 5.x and some others 6.x) and I had these problems during the Smartcenter upgrade from version R55 to R60.
I'm wondering if this is a normal feature ( after some failed download attempts the appliance start to work only with the local polic) or a missconfiguration...

[abusharif]

Quote:

Originally Posted by maurox

The problems were on all Vpn-1 edge appliances ( some of them had the 5.x and some others 6.x) and I had these problems during the Smartcenter upgrade from version R55 to R60.
I'm wondering if this is a normal feature ( after some failed download attempts the appliance start to work only with the local polic) or a missconfiguration...

Different versions of libsw after upgrade? Wrong libsw version (in compare to edge firmware) will make your edge puke over smartcenter policy. This is always visible in Edge logfiles tho.

[chillyjim]

Quote:

Originally Posted by maurox

I'm wondering if this is a normal feature ( after some failed download attempts the appliance start to work only with the local polic) or a missconfiguration...

No its not normal. As abusharif said make sure you update your libsw. I'd also sugest you run 6.0.76 for your firmware.

[maurox]

Hi all,
now all the appliances are working with the new firmware ( and there aren't any problems) but I don't understand why I have to update the libsw during the smartcenter migration if:
-Before the upgrade all the VPN1-edge were working without any problems ( so the libsw is updfated)
-I think that the r61/r60 libsw is newer than the last R55 libsw

What do you think ?
Best regards,
Maurox

[abusharif]

Quote:

Originally Posted by maurox

Hi all,
now all the appliances are working with the new firmware ( and there aren't any problems) but I don't understand why I have to update the libsw during the smartcenter migration if:
-Before the upgrade all the VPN1-edge were working without any problems ( so the libsw is updfated)
-I think that the r61/r60 libsw is newer than the last R55 libsw

What do you think ?
Best regards,
Maurox

not sure but it could be that libsw is not same for r60/61 and r55 versions, meaning when you upgraded to ngx it got overwritten by older libsw version suited for ngx.

[maurox]

It could be...I think I'm going to thest it when possible...
thanks,
Maurox

[chillyjim]

Quote:

Originally Posted by maurox

Hi all,
now all the appliances are working with the new firmware ( and there aren't any problems) but I don't understand why I have to update the libsw during the smartcenter migration if:
-Before the upgrade all the VPN1-edge were working without any problems ( so the libsw is updfated)
-I think that the r61/r60 libsw is newer than the last R55 libsw

What do you think ?
Best regards,
Maurox

R55 didn't support SmartDefense Updates to Edge boxes, R60A/R61 does. Most of the libsw changes are for SMDF. So R55 was more forgiving because it doesn't support these features.