PDA

View Full Version : Provider-1 NGX R65 HFA60 Upgrade Problem



pff2905
2010-01-12, 19:50
Hi,

I have upgraded NGX R65 Provider-1 HFA50 to HFA60, following all instructions as should. After I rebooted the MDS, I lost all Interface configurations. I manually configured the Interfaces exactly as it was before with the "sysconfig" tool.

After the upgrade, I am still able to open the both CMAs (via Check Point tools) and I can edit objects, add objects, install policies and view logs, etc. Although I can still do all actions, it takes about 30 seconds longer to edit any of the mentioned actions.

What I have noticed:

1. When running the MDSSTAT, the MDS and CMAs shows down in all catagories. I have tried to manually start them all, looked for zombie processes, etc.
2. SmartView Monitor shows the CMA as down.
3. When editing an object, the error message "Unable to contact the Certificate Authority on the SmartCetbter Station." message.
4. When editing an object in RO mode, the object opens without any problems.
5. Policies can be installed successful to Gateways. When the Database Review option is selected, the policy installation fails.

Hope there is someone with a similar experience, which resolved the problem.

Thanks

cciesec2006
2010-01-13, 08:18
Hi,

I have upgraded NGX R65 Provider-1 HFA50 to HFA60, following all instructions as should. After I rebooted the MDS, I lost all Interface configurations. I manually configured the Interfaces exactly as it was before with the "sysconfig" tool.

After the upgrade, I am still able to open the both CMAs (via Check Point tools) and I can edit objects, add objects, install policies and view logs, etc. Although I can still do all actions, it takes about 30 seconds longer to edit any of the mentioned actions.

What I have noticed:

1. When running the MDSSTAT, the MDS and CMAs shows down in all catagories. I have tried to manually start them all, looked for zombie processes, etc.
2. SmartView Monitor shows the CMA as down.
3. When editing an object, the error message "Unable to contact the Certificate Authority on the SmartCetbter Station." message.
4. When editing an object in RO mode, the object opens without any problems.
5. Policies can be installed successful to Gateways. When the Database Review option is selected, the policy installation fails.

Hope there is someone with a similar experience, which resolved the problem.

Thanks


Even if it is "after the fact", I have to ask:

#1- did you perform and "mds_backup" prior to the upgrade,
#2- did you perform an "snapshot" prior to the upgrade,

If you are experiencing issues after the upgrade, this is what I would do,

#1- perform an mds_backup immediately, this will retain the issue you have,
#2- perform a "snapshot" immediately. This will retain the issue you have,
#3- perform a "revert" from the previous backup. That will take you back to a good system with everything still intact.

pff2905
2010-01-13, 08:37
Yes, I did take a snapshot and mds_backup prior to the upgrade. A restore would be our last option. We have upgraded to HFA60 due to memory leaks, Bond0 interface packet drop problems and much more. To revert to a previous good known backup, might resort in the same small problems we had before to return.

If there is no other option or solution to this problem, we will revert to the previous good known backup.

boldin
2010-01-13, 12:38
We are about to do the same, only from HFA 02 to HFA 60. This is also due to memory leak problems. We skipped HFA 30 and 40 for obvious reasons. We heard about 60 coming out so soon after the decision was made to move to 50 that we just decided to wait a bit longer.

Please let us know if this is resolved and how, in case we also run into it.

We always do appropriate backups and I'm sure we will before moving forward with this in the future so hopefully we'll be ok on that front.

Thank you.