Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
GianniPapetti
Contributor
Jump to solution

Mobile Access Portal Strangeness after restore

Hi Mates,

At the end of an RMA process that saw the replacement of a node of our ClusterXL, I proceeded to restore the configuration of the old node on the new node.

The cluster works as expected. The only oddity concerns the Mobile Access Portal on the new node; unfortunately there is no authentication method that allows the user to log in as expected.

The portal is instead visible on the other currently primary node.

 

fw01: Restore GW after RMA - Standby in ClusterXL

fw02: Original ClusterXL Active Member

Schermata 2022-09-13 alle 08.30.57.png

 

Any suggestions?
I opened a ticket to the TAC with no satisfaction.

0 Kudos
1 Solution

Accepted Solutions
GianniPapetti
Contributor

Hi mates,

as promised also to the TAC, this afternoon I copied the idpPolicy.xml file from the known active to the restored node and switched traffic to that gatwway,
Everything worked as expected.

By properly checking the backup package set in the GAIA Portal, the directory /opt/CPcvpn-R80.40/phpincs/ is not present where spPortal / idpPolicy.xml is located inside it.

For obvious reasons this file could not be restored.

 

I am definitely perplexed and asked for an explanation since now, I am terrified that the backups are inconsistent.

Thanks you all,

Gianni.

View solution in original post

0 Kudos
5 Replies
_Val_
Admin
Admin

the portal issue, does it happen when your new cluster member is Active? Or are you trying to connect to the standby?

0 Kudos
GianniPapetti
Contributor

Of course it happens when node1 is ACTIVE.

Regards,

Gianni.

0 Kudos
PhoneBoy
Admin
Admin

What version/JHF is this?
It looks like something prior to R80.40, which suggests you should upgrade to a supported release.
R80.30 and R80.20 will be End of Support at the end of this month.
Earlier releases are already End of Support.

0 Kudos
GianniPapetti
Contributor

Hi,

both members are R80.40 take 156.

I think i have solved by comparing fw02 and fw01 /opt/CPcvpn-R80.40/phpincs/spPortal/idpPolicy.xml file.

In the working node the file is filled by IDP metadata instead of the file present on the fw01 node.

Also, i had a look in the backup packet made using gaia portal and the file is missed; i suppose a kind of backup bug.

Tried to copy file on the fw01 node and the login button comes up!

Next Monday i'll switch the cluster and have a try.

Regards,

Gianni.

0 Kudos
GianniPapetti
Contributor

Hi mates,

as promised also to the TAC, this afternoon I copied the idpPolicy.xml file from the known active to the restored node and switched traffic to that gatwway,
Everything worked as expected.

By properly checking the backup package set in the GAIA Portal, the directory /opt/CPcvpn-R80.40/phpincs/ is not present where spPortal / idpPolicy.xml is located inside it.

For obvious reasons this file could not be restored.

 

I am definitely perplexed and asked for an explanation since now, I am terrified that the backups are inconsistent.

Thanks you all,

Gianni.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events