Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)

@DavideMauri
Application Signature Download is separated between partitions. The affected Partition is the Running Partition first. If you follow the SOP, then you´ll "Reset" on Running, you´ll do FTP Upgrade on Running with Weekly to fix it, so NO NEED to do anything on Standby Partition.

But we have some customer sharing solutions (recovery) which are NOT following the SOP shared. For example you can "switch partition" by Console or also Reboot to other partition. As these partition never download a wrong signature, their are unaffected, so no need to do anything. However this will NOT fix the "Standby Partition" in this case (once role changed to Standby Partition) the "previously affected Running partition, is now Standby" and here is the gap, this partition, still stored the wrong Application Version which need Console CLI recovery, or some process like Online Upgrade (which will be apply by default to Standby, to keep roll-back scenario) can´t work.

So we suggest everyone, to follow SOP. Yes, there are ways to bring device back online by Reset, Partition Swap or other scenarios, may also remote, but it doesn´t help you in the future, if you not follow the SOP we shared before.

I hope this makes it a bit more clear.

@USG_User

There is nothing planned and also no need. The V5.39(ABWD.1)-sig-20250124 only assist in removing the bad signature from partition, that´s it. Once this is done, you can keep this firmware or you can install last official current FCS. As the issue was NEVER firmware related, there is no need to plan a Patch 2 for this issue. Only the signature needs to be removed, which this firmware can assist with.

Thanks.

@USG_User

No Problem. You can switch back to Patch 1 or keep the Signature Version. The Signature Version is build on our latest Weekly from Bug-Fix Level, so a bit better on fix level as Patch 1. However, the next release on ZLD is planned around end of March and will be 5.40.

Thanks.