Hi,

Core Dumps and Kernel Crashes, in which GW path are they hosted?

Revising the messages in this scenario is still an option?

Cheers

Core Dumps -> /var/log/dump/usermode

Kernel Crashes -> /var/log/crash/

Messages -> /var/log/ -> messages and all the ones after messages.*

Hey bro,

Just check what @Tal_Paz-Fridman provided and if you see anything relevant there, upload to TAC case via sftp account and they can analyze.

Andy

Thats an excellent point @Lesley 

Andy

Hello,

The problem is still being reviewed by the CT.

They can't find the error.

Today the box went down again at 00:00 and did not pick up again, we had to restart the box manually, to get it to pick up again, and when it turned on, it turned on with errors, the Cluster VSX, picked up broken.

It really is a headache.

CT is checking Core Dumps, Crash Files, Hardware Diagnostic, CPinfo and still can't find a concrete answer.

Let's hope for a mirale. 🥲

Thats unfortunate...lets hope for the best.

Andy

Could you please share the version/JHF level of the system?

Hi,

R81.20 with JHF Take 84

The device restarts unexpectedly from time to time.
Sometimes it lifts quickly, and other times it takes many hours to lift, and it becomes necessary to force its recovery manually and manually.

Cheers

Does it always crash a specific time? right at 00.00 is a bit suspicious. any cron jobs at that moment? Or IPS/AV/AB updates etc?

Excellent point Lesley!

Hello,

It restarts at any time, it does not have an exact time.
What it is exact, is that the box, at the least thought moment, falls, and sometimes we have to force its ignition manually.

Cheers.

Hey bro,

Honestly, if I were you, I would install jumbo 99. At this point, it cant make it worse, only better.

Andy

Some relevant fixes in JHF takes released since potentially include:

PRJ-56673, PRHF-35637: Memory corruption occurs when a bond interface is configured, leading to a Security Gateway crash with a vmcore or a boot loop.

PRJ-56480, PMTR-107271: In some scenarios, the VSX cluster can take extra time to boot up and activate the Virtual Systems.

Yes Chris, sorry, forgot to include those.

This is what comes up when searching for "crash" in take 99 fixes.

Andy

Buddy,

I am not a VSX expert, and I would like to know if in order to upgrade the JHF in the VSX Cluster to try to correct this problem, it is necessary to 'break' the VSX Cluster, and work with the upgrade first on the equipment that is in Stanby and then the one that is Active.

Or is it not necessary to break the Cluster?

Thank you.

Correct...so method is the same, no matter the vendor, my friend. Can be Cisco, PAN, Fortinet, Sophos, whatever...you ALWAYS upgrade backup member, reboot, then do master, reboot. I would not bother flipping over to original master member, just leave it as is.

Andy

Is it possible to do the Hotfix upgrade on the STANDBY member of the VSX Cluster, without the need to ‘break the cluster’ with the clusterXL_admin down command?

Or is it mandatory to always ‘break’ the cluster?

I see this would be the last way to test if this device is corrected by doing the JHF upgrade to the Cluster.

Yes, you can do that, but its better if both members are on same jumbo.

Andy

Btw, if you do that, do not leave it like it for more than a day or 2, just my personal opinion.

Andy

Not sure if it might be worth installing jumbo 99 if you are on R81.20...

Andy