Recovery Steps for Nebula USG FLEX/ATP Series Application Patrol Signature Issue
The App Patrol signature release V126.96.36.19920310.0 may create parsing error on device for both on-premises and on-cloud modes, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting further no matter manually or by schedule
The App Patrol signature release V188.8.131.5220310.0 have been removed.
New urgent patch ZLD5.21 P1 will be available by Wednesday (3/16) avoiding the parsing issue.
If App Patrol signature of your device is updated to version 184.108.40.20620310.0 but not affected, do NOT reboot the device before ZL5.21 P1 is released. Use the command to check signature version.
Access firewall using this link https://"firewall IP"/webconsole input the following command to check signature version:
Router# show app signatures status
REMINDER: Firewall local credentials are located at Site-wide > Configure > General settings.
current version: 220.127.116.1120310.0
If you need to restart the device before 5.21 patch 1 is released for some reasons, here is a solution to overcome this issue BEFORE rebooting your device. Please follow the steps.
1. Access firewall using this link https://"firewall IP"/webconsole input the following command:
Command: packet-trace extension-filter -w /db/etc/app_patrol/.md5sum
2. Ctrl + C to terminate packet-trace
3. Reboot device
If you need technical assistance, please send your request to [email protected].
***If the firewall has been rebooted***
Recovery steps as follows:
Before ZLD5.21 P1 is released, follow the instructions to recover the affected device temporarily.
1. Connect the device directly via the console port using a terminal emulation program. Reboot the device and enter debug mode.
2. Switch to another firmware partition. Type atcd 1 to use firmware partition 1.
3. Type atgo to boot up device.
- If the device is still stuck in reboot loop, repeat the step 1 and step 2 to retry. In step 2, type atcd 2 to use firmware partition 2 to boot up.
- If the device still fail to reboot, please contact the regional support team for the recovery process.
- After device reboots, check the running firmware version. If the firmware version is ZLD4.29, please contact the regional support team for the recovery process.
4. Press RESET button on the device to reset to factory default settings.
5. Re-login device Web GUI, choose Nebula Mode to connect device to Nebula.
- If wan interface is static IP or PPPoE, please configure WAN settings after choosing Nebula Mode
Note: If wan interface is DHCP, you can skip this step. The device will connect to cloud automatically after wan interface gets IP address.
Configure WAN settings.
- 7.8K All Categories
- 1.6K Nebula
- 55 Nebula Ideas
- 53 Nebula Status and Incidents
- 4.3K Security
- 217 Security Ideas
- 911 Switch
- 41 Switch Ideas
- 809 WirelessLAN
- 16 WLAN Ideas
- 5K Consumer Product
- 132 Service & License
- 260 News and Release
- 88 Success Stories
- 49 Security Advisories
- 6 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Nebula Monthly Express
- 67 About Community
- 40 Security Highlight