The upgrade issue from 4.25 to 4.30
Comments
-
Thanks Christian.
My configuration is simpler than your one but the fact that three sites could be concurrently affected doesn't make it easier to manage in case of any form of update failure (I mean: an USG can boot correctly into new 4.30 but then, if the configuration shows issues - at any level - that will mean that I have to go physically on the affected site to fix the issue and I should do it as fast as I can).
Thanks for sharing.
Davide.
Edit: I performed a 4.25 Patch 1 to 4.30 update on a standalone USG60 and all was smooth so I'm confident the same will happen on other VTI VPN connected USGs.
0 -
Because of multiple reports of serious problems with Firmware v4.30 it is better to stay with 4.25 as I have done, if you have critical equipment etc, and let others try out v4.30 and report the problems. Nothing important was fixed, upgraded or solved in v4.30 for me and I will not upgrade since my USG 60W is working fine. But then again I have no special configuration or services in use, just the basic firewall.
0 -
Hi
We have also run into problems after upgrading to v4.30.
After uploading firmware and reboot, all configuration was completely wiped.
After all configuration was manually typed in again!(not first upgrade that have done this) we experience that our computers connected to a DHCP lan loses connectivity (Hyper-V enviroment)
After looking at the logs at appears that the computers timeout whenever a logged in user/admin logout from the routers console.
This is a major issues since we have an API that log on to the router and adds firewall rules quite often.
Is there an easy way to downgrade the firmware again (without having to type in the whole configuration again)?
Edit: We have 3x USG11000 -
Hi Davide,
As Christian wrote, I would make it conditional on your current configuration. The more complicate it is, the bigger is the likelihood that the firmware update fails.
Our configuration with the USG110 is not so complicate with: 1 WAN, 2 LANs, 1 DMZ, 1 AP, 2 VLANs, 1 SSLVPN, and about 20 firewall rules including some UTM filters.
We never experienced any problems with updating the FW up to 4.30.
Greetings
Joerg
0 -
@CompuSoft
Each firmware partition (running and standby)has their own configuration files.
Making sure you update the firmware: 430AAPJ0C0 on the same partition, so the "configuration" will be kept after firmware upgraded.
I would like to know did DHCP lan loses connectivity after firmware updated?
Charlie1 -
seem to me that content filter stopped work after upgrading from 4.25 to 4.30 . anyone else with this behaviour ?0
-
Zyxel_Charlie said:Each firmware partition (running and standby)has their own configuration files.
Making sure you update the firmware: 430AAPJ0C0 on the same partition, so the "configuration" will be kept after firmware upgraded.
If Firmware version A is equal to version B (because user update both sequentially with a single reboot or with a dual reboot) then also Configuration A should be equal to B (and vice-versa), right? if not there is a problem (configurations are not kept synced even if both Firmware partitions are kept with same Firmware version)...so how it is possible to lose the configuration (or some parts of it) after a Firmware update that inovolves the Running partition or the Standby Partition.
0 -
Hi
The wifi of my USG60W also stopped working after the update from 4.25 to 4.30. I had to downgrade to 4.25 again. Today I tried the meanwhile available 4.31 but with the same issues.
I could finally locate a bug in AP Management when using a user defined MAC address on the WAN interfaces. This is what I reported to Zyxel:
(I'm only using the built-in access point of the USG60W)Symptoms:After upgrading from 4.25, Wifi stopped working completely. In the AP Mon list, the IP of the local AP was changed to 0.0.0.0. The AP could not be removed but edited. A second, yet not managed AP with the IP 127.0.0.1 and different MAC address appered, which could be removed and edited, but was not working. Under radio, no entry appered in the list. In the wireless AP log I could select one of the APs, but a popup appeared saying "WTP Log Query: WTP is not in RUN state."Cause:WAN1 Interface had a user-defined MAC. After the FW update, the local AP cloned the MAC from the user defined WAN1-Mac instead of the device's MAC.Workaround:Finally, removing the user-defined MAC address manually from the config-file and re-applying the config solved the problem and wifi instantly worked again, having only one correct local AP in the AP mon list.0 -
Hi @jepper,
It is workaround to change the MAC address to device default.
The issue will be fixed at coming official release.
0 -
Zyxel_Charlie said:@CompuSoft
Each firmware partition (running and standby)has their own configuration files.
Making sure you update the firmware: 430AAPJ0C0 on the same partition, so the "configuration" will be kept after firmware upgraded.
I would like to know did DHCP lan loses connectivity after firmware updated?
CharlieCompuSoft said:Hi
We have also run into problems after upgrading to v4.30.
After uploading firmware and reboot, all configuration was completely wiped.
After all configuration was manually typed in again!(not first upgrade that have done this) we experience that our computers connected to a DHCP lan loses connectivity (Hyper-V enviroment)
After looking at the logs at appears that the computers timeout whenever a logged in user/admin logout from the routers console.
This is a major issues since we have an API that log on to the router and adds firewall rules quite often.
Is there an easy way to downgrade the firmware again (without having to type in the whole configuration again)?
Edit: We have 3x USG1100
Sorry for the late response.
The loss of connectivity on the LAN appeared after the firmware update.
After reverting to an older firmware 4.20 the connectivity loss disappeared.
I haven't tried to upgrade to any other new firmware releases after this since we cannot afford the downtime that reboots require.
Can this really be true that each reboot takes about 45~60 minutes???
We have about max limit (2000) address objects listed and quite a few service groups as well ..but still 45 minutes !!!
Another issue that we are experiencing is that our HA setup seems to reboot the firewall after each sync. (YES, thats bloody 45 minutes for every sync!)
I hope this is a known issue and hoping for a positive answer.
~Søren, Compusoft
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight