I've been having an e-mail conversation with one of my customers and I'd like to seek clarification on some points.
The customer has a pair of S3008 appliances running 8.3.0 in an active/passive (peer-to-peer) HA cluster. He is looking at the process of upgrading and the correct procedure for doing so.
Basically everythig he has proposed is correct - upgrade Firewall B to 8.3.1 (the domant member), perform a failover to bring it online (making Firewall A domant), check to make sure the new version of software doesn't cause any issues, upgrade Firewall A to the same version and (optionally) forcing another HA event to make A the active member once again. He then posed some questions which I answered to his satisfaction. He did, however, ask two which I wasn't immediately sure of:-
If B is primary, and changes made will A sync to primary once upgraded & rebooted?
What I was absolutely certain of was that while the two appliances were running different versions that changes made to the active member wouldn't be synchronized to the passive member. However, I wasn't 100% sure if once the other applince was upgraded to the same version whether is would definitely inherit any changes made in the interim.
With different versions it will still do a graceful handover on scheduled shutdown/reboot? Where transfer of connection starts 30 mins prior to shutdown/reboot.
This, oddly, isn't something I've conciously tried. I've pulled network cables, power cables and such like to force a failover, but am not 100% sure if a scheduled reboot of the active member would allow the other member to still take over 'gracefully' while there is still a disparity between the two software versions. I'm again assuming that it will be "yes" as there will still be a functioning channel of communication over the HA link and even though there's temporary minor difference between the two appliances, there's still enough compatibility between the two for one to let the other know that it needs to take over, rather than waiting for some kind of actual failure event where the secondary box suddenly realises that it is no longer able to communicate with the primary.
>If B is primary, and changes made will A sync to primary once upgraded & rebooted?
I'm sorry if I'm misunderstanding, but are you wondering if changes made to firewall B while it is primary will sync to firewall A when it is upgraded and rebooted? Yes, when A is booting up it will check to see if it has the correct policy and will synchronize if necessary.
>With different versions it will still do a graceful handover on scheduled shutdown/reboot? Where
>transfer of connection starts 30 mins prior to shutdown/reboot.
This one I am not actually sure about either. I am leaning towards this not working in the manner that the customer would want, but I think it is something that needs to be tested. Because of the version difference, I expect there might be a problem with that communication chain.
In the case of the first question, you have it spot on and your conclusion seems to agree with mine.
In the case of the second question I am a little more surprised, because my gut feeling though it would work. Even though the two appliances are running different versions there is (I thought) still a functioning channel of communication over the heartbeat interface. If I had the appliances with which to test it for myself I would give it a try. Had I been asking about a pair of 8.2.x appliances and one had been upgraded to 8.3, I would have been less surprised if you had said "No, this is unlikely to work", but 8.3.0 & 8.3.1?...
If you could ponder this with your colleagues I'd be grateful.
In the meantime I will relay your thoughts on the first point over to the customer.
Got some information for you:
Session sync does not uses firewall version. It has its own protocol version, as long as there is no change in session message/protocol across two versions it should work. If there is change, you will see error message with:
“IP Filter: old version number in state sharing message
IP Filter: old version number(v2) in state sharing message”
AFAIK, there is no change in session message for 8.3.0 and 8.3.1 so I think it should work.
About that, I am thinking upgrade de Fw since 8.2.1 to 8.3.1. I have two nodes in HA Cluster, load-sharing mode. So, for upgrade HA cluster is it necesary break the cluster before instalation package?
thanks in advance