Good afternoon,
This is my first ever time posting in these forums, so apologies ahead of time for any mistakes (including lack of understanding; I am fairly new to the field in general).
We recently upgraded our security management server from R77.30 to R80.20 using the ./migrate export/import method to get there.
The upgrade was successful without any real hiccups, all the data we needed is in the new management machine. Policy installation works, logs are operating, licenses seemingly work as well but not quite the way I think is normal.
And the primary problem we encountered after the upgrade is that we can no longer "Get Gateway Data" from our installed VPN cluster gateways.
What happens is that the operation starts, checks connectivity, succeeds, then proceeds to a step named "verifying" and after a while being stuck on it, fails with "Execution error". There aren't any more error details that I can gather from the GUI anywhere, at least I haven't found it. The gateways are version R75.47, maybe this is simply the reason?
Another side problem that came with it is that when we do "Get Licenses" from any of our installed gateways, they come back with 0 licenses retrieved, even though all the machines have a license installed. Hence I am expecting it to return with 1 license retrieved, not 0. Detaching and reattaching licenses works, and is also confirmed by doing cplic print on the cluster gateways themselves.
We have only installed policy onto 1 of our gateway clusters (one that receives no important traffic), and no others, manually. However, after the upgrade, we realized that the newly set up management server was inaccessible through our jumphosts due to the firewall disallowing the new port it was operating out of. Therefore we were in the dark for a short while before we were able to access it. During this phase of darkness it seemingly looked as if the new management server installed policies on its own to all the gateway clusters, because our monitoring (Nagios) picked up RTAs of over 800ms and 5-10% packet loss, which indicates such an activity (it happens because some of the links are old, so old in fact that they are running 512kbps, hence the bandwidth pushed congests them for some time). I'm pointing this out because perhaps it managed to screw something up, even though in the install logs the new management server doesn't report anything other than our own manual policy installation that we did the next day.
Our systems cannot afford any outage between remote VPN sites during daytime hours, hence the reason for having to wait before we could load a firewall policy to actually access the SmartConsole dashboard. (SSH tunneling didn't work because of the crypto negotiation.)
Any help would be appreciated,
Thanks.