Recovery steps for USG FLEX/ATP Series with Device HA Firmware Update Fail.

Zyxel_Cooldia
Zyxel_Cooldia Posts: 929  Zyxel Employee
edited June 24 in Security FAQ

Symptom:

Device HA mode update firmware through “Cloud Firmware” upgrade, the network services is keep running on active device and you may get dialog with “Device HA Pro Firmware upload is in progress…” on GUI keep loading. And the firmware version on active device is not upgrade to the new version, but passive device has upgraded to new firmware version. You can check by Login active and passive device via SSH to check the running firmware version.

Active version


Passive version


Affected version:

V5.20C0/V5.21C0/V5.21P1(On-premises mode in device HA)

Solution:

Web GUI operation:

1)  Log in active device Web GUI, and then open new tab on browser to access web console https://x.x.x.x/webconsole/

2)  Enter command to remove app signature.

     -Router # packet-trace extension-filter -w /db/etc/app_patrol/.md5sum

3)  Ctrl + C to terminate packet-trace. 

     

FTP operation:

4)  Download firmware as the link https://portal.myzyxel.com/my/firmwares

5)  Use FTP client login to active device and upload V5.21P1 firmware into folder /firmware1 or /firmware2. It is depending on which one is current running partition, and the firmware is need upload to standby partition.

  

6)  After step 5 firmware upload completed, active device will push firmware again to passive device and proceed firmware upgrade to V5.21P1. (Network services is keep running on active device)

7)  Once passive device firmware is updated to V5.21P1 and boots up successfully, it will take over the network service, and then original active device will proceed firmware upgrade automatically.

8)  After original active device firmware update completed, please login device via SSH to check the Device HA sync status.

Device HA sync status CLI Router> show device-ha2 sync status.


Note: After actions above are completed, the firmware version on both devices is V5.21P1, and device HA had auto sync successfully.