We recently tried to upgrade one of our SG580 routers to V4.0.5 firmware with somewhat disastrous results. After only a day we had to revert back to the V3.1.6 firmware because the 30 or so IPSec VPN tunnels we rely on would not stay up for more than an hour or so before failing and having to be reset.
We have had a problem with routing over the VPN tunnels on the V3.1.6 firmware for some time that has persisted across several firmware updates and so far eluded the developers when the problem was reported to technical support. In V4.0.5 this routing problem is chronically bad to the point where the network wasn't really functioning at all.
The symptom of the problem is that the VPN tunnel says it's up but packets are not being routed over the tunnel to the remote site. A PING won't work (nor anything else) that goes over the tunnel. Disabling the tunnel at the hub router and then re-enabling it usually restores the routing function over that VPN tunnel. In V3.1.6 this happens to about 1 tunnel per week with 30 tunnels. In V4.0.5 it was happening to several tunnels every hour all day. We reverted back after only one day of this mayhem.
I persisted with a single branch SG560 router on V4.0.5 to see if it was stable enough with only a single VPN tunnel back to the hub router. The new status feature and interface information displays are really informative and we would have liked to use that if we could.
On the branch router with only one tunnel the SG560 would go into a CPU loop at least once a week. The web interface was eventually unresponsive when this happened but the CPU usage on the status display would jump from 2-3% to 100% before it completely locked up and stopped responding altogether. The routing of packets over the VPN tunnel stopped just prior (only a few seconds) to the CPU loop starting. It was then necessary to power cycle the device manually. We could not continue with this level of reliability and we are now back to V3.1.6 firmware.
A support report is attached for the SG560 V4.0.5 firmware at around the time of a CPU loop starting (I only ever got one report, most times it locked up entirely before completing the download).
Another bug in the V4.0.5 firmware was the time an interface had been up: while the diagnostics page would accurately show the boot time as being only a few minutes, the up time of the network interfaces and VPN tunnels would show over 136 days uptime within minutes of being rebooted.
The V4.0.5 firmware needs major overhauling with regard to the IPSec VPN tunnels before the next release.
Sadly, McAfee support is so difficult to deal with that I have given up trying to log a support incident.
Message was edited by: mark.emery on 15/02/10 10:22:49 PM