Recent changes to USG lost after Firmware-Update

Eric_
Eric_ Posts: 24  Freshman Member
Hello all
Several times now, I have noticed that recent changes to firewalls were lost when a firmware update was performed afterwards. Recently with a Zywall 110 and a USG60.

I made adjustments to several objects, service groups and security rules. All was working fine; the new rules and objects worked as configured. After some weeks there was a need to update the firmware to a more recent one (4.62). The firmware was downloaded/uploaded and a reboot performed. After the reboot, the last changes were lost. I could configure them again from the documentation and config files, but I don't like doing things twice.

Between the adjustments and the firmware update I did not reboot the device. It feels like the lastgood.conf is used in the firmware-update process and not the startup-config.conf. If so, then before a firmware update is installed, we should reboot the device or lose parts of the configuration. Any thoughts on this?

Thanks
Eric

Accepted Solution

  • mMontana
    mMontana Posts: 1,389  Guru Member
    Answer ✓
    Any thoughts on this?
    In my experience, the configuration conversion is not made while the system reboots, but after the writing of the firmware into the standby partition.
    Therefore...
    I don't change settings anymore if the firmware upgrade has happened. Only after a reboot are the changes made.

    Sometimes, when the uptime is higher than 60 days (arbitrary value decided by me), I reboot the firewall before upgrading the firmware, to ensure that a fallback to the previous/current version will work as intended.

All Replies

  • Eric_
    Eric_ Posts: 24  Freshman Member
    Ah, that sounds like a possible reason. It could match the latest 2 updates I did. Load the firmware and, for whatever reason, perform the update days or weeks later. In between, changes were made. I will reboot before the next update.
    At the same time it strikes me as wrong. The real update should be the moment to transfer the (then current) settings and not at some time where I upload the firmware. This is done at separate moments.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Hi @Eric_,
    If you upgrade the new firmware in the running partition, the device will then reboot after the firmware upgrade is finished. All modifications of the web GUI configuration made before the firmware upgrade will also be saved in the running configurations. No configuration will be lost after the firmware upgrade.

    If you upgrade the new firmware in the standby partition and reboot the standby partition several days after you upload the firmware, some configuration may not be updated. The running configurations are copied to the standby partition just at the moment when the firmware is uploaded.
    For example, you uploaded firmware 4.72 to the standby partition on Jun. 1st and you didn't reboot it right after the firmware was uploaded.
    On Jun. 8th, you select the standby partition and click "Reboot". Then the settings you modified between Jun. 1st and Jun. 8th are not copied to the standby partition.
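
Added example, not part of any post in this thread: one way to see which changes would be missing on the standby partition is to compare a configuration export taken when the firmware was uploaded with the current one before rebooting. The block layout and both sample configs are assumptions constructed for illustration, and `parse_blocks` and `changes_since_upload` are hypothetical helper names.

```python
def parse_blocks(text):
    """Group a CLI-style config into {header line: tuple of body lines}."""
    # Assumed layout (not confirmed by the thread): an unindented line opens a
    # block, indented lines belong to it, empty lines or a lone '!' end it.
    blocks, header = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            header = None
        elif line[0].isspace():
            if header is not None:
                blocks[header].append(line.strip())
        else:
            header = line
            blocks.setdefault(header, [])
    return {h: tuple(b) for h, b in blocks.items()}


def changes_since_upload(at_upload, current):
    """Blocks that differ between the export taken at upload and the current one."""
    old, new = parse_blocks(at_upload), parse_blocks(current)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(h for h in old.keys() & new.keys() if old[h] != new[h]),
    }


# Constructed sample exports, not taken from a real device.
AT_UPLOAD = """\
address-object LAN_SRV 192.168.1.10
!
secure-policy 1
 name allow_web
 action allow
"""
CURRENT = """\
address-object LAN_SRV 192.168.1.10
address-object DMZ_SRV 10.0.0.5
!
secure-policy 1
 name allow_web
 action deny
secure-policy 2
 action allow
"""

if __name__ == "__main__":
    print(changes_since_upload(AT_UPLOAD, CURRENT))
```

Any block listed as added, removed or changed was modified after the upload and, per the explanation above, would not be present after rebooting into the standby partition.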
