Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olusegun_Adekun
Contributor

Unable to log back into a Firewall after Upgrade to R81.20

Hi All,

Has anyone seen this issue before?

Upgraded Firewall from R81.10 to R81.20. After rebooy and push policy to the upgraded Firewall, am not able to login into the Firewall. It looks healthy and good on the Smart Console. 

When I checked the the Active member, it shows me this below that the secondary is LOST. TO WHERE, I ASKED.

1 (local) 10.64.0.252 100% ACTIVE(!)
2 none                         0%     LOST

Active PNOTEs: LPRB, IAC

Last member state change event:
Event Code: CLUS-110305
State change: ACTIVE -> ACTIVE(!)
Reason for state change: Interface eth2.203 is down (Cluster Control Protocol packets are not received)

Attached is the error.

 

Regards

Olu

 
 
 

 

0 Kudos
11 Replies
Gojira
Collaborator
Collaborator

you say "it looks healthy on smart console"

are you saying both cluster members have SIC established and are reachable from the management?

does it respond to ssh on any of the interfaces?
What about via the sync from the active firewall?

Have you LOM access or physical access to check console?

 

0 Kudos
Olusegun_Adekun
Contributor

Hi Gojira,

you say "it looks healthy on smart console" - Yes on Smart Console is Green 

are you saying both cluster members have SIC established and are reachable from the management? Both have SIC Established

does it respond to ssh on any of the interfaces? It does not respond to https from all the interfaces, so I presume ssh will not work as well.
What about via the sync from the active firewall? Tried (ssh myusername@ipaddress) from the active Firewall.

It is a very strange one to be honesst and MVC is ON as well.

0 Kudos
Oliver_Fink
Advisor
Advisor

Had the same issue today. Have you tried to login via sync interface from the active one. That worked for me.

After that I did a "cphaconf mvc on" and everything was fine.

0 Kudos
Olusegun_Adekun
Contributor

Hi Oliver,

I tried it already, it says "connection time out."

0 Kudos
JozkoMrkvicka
Authority
Authority

If SIC from management is working fine, you can use cprid_util from management to execute any command(s).

Kind regards,
Jozko Mrkvicka
0 Kudos
Olusegun_Adekun
Contributor

Ok will try it.

Thanks

Olu

0 Kudos
Olusegun_Adekun
Contributor

Hi Oliver, a quick question please. Which command did you use to login from Active to the Standby.

ssh username@ip address - Is this correct

Thanks

0 Kudos
the_rock
Legend
Legend

Thats it...example:

ssh admin@10.10.10.11

Best,

Andy

0 Kudos
Olusegun_Adekun
Contributor

Thanks Legend. Much Appreciated.

0 Kudos
the_rock
Legend
Legend

For you, no charge ; - )

0 Kudos
the_rock
Legend
Legend

By the way, forgot to mention, to me, appears that based on the output in your original post, clearly if the other member shows as lost, then clustering is broken. Can you check below commands:

cphaprob -a if

cphaprob -i list

cphaprob -l list

cphaprob syncstat

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events