SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Does anyone experience the same issue?
Since I noticed this several years, I have to reboot the unit in order for any changes I make to the Firewall or the IPSec VPN to take effect. It is a trouble because this unit is in use pretty much 24 hours a day. The current firmware version is 4.3.4-2 but it was doing with 3.#.#-#. I have tried the following troubleshooting but there was no luck.
1. Tested with our backup unit -> same issue observed and this confirmed the issue was not a hardware specific issue)
2. Factory reset and restored from the saved configuration file -> same issue observed
3. Factory reset the unit and mannually configured the unit from scratch -> same issue observed
I wonder if this is how I should expect with this unit... Any help or advice would be appreciated.
Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Yes, that how I make changes because it will not let me make any changes otherwise.
Any change that I make in Firewall or IPSec VPN still requires a hardware reboot for the new change to take effect.
It is very inconvenient in our 24 hours operation. I did not have any issue like this with our other firewalls such as Juniper, Nortel and Cisco, but only with SRX5308 I have to reboot every time I make changes.
Even after deleting the VPN policy and look at the log, the deleted policy is active. It is very odd.
Again, I always disable the policy before making a change then re-enable it.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Yes, as said in my original post, I have done exactly as you asked. I reset it to the factory default and MANUALLY configured from scratch. It still does the same thing. I made a small change to the IPSec VPN a few days ago and it has not been taken effect. I will have to reboot it today but that causes the whole company operation to be interrupted. The strange thing is though, when it is rebooted, the WAN never come back up no matter how long I wait. I have to reboot it twice for the WAN to come back up. This behavior is very identical on both of our SRX5308 units. Just as an additional information...
And the most odd behavior is that Deleted IPSec VPN tunnel or Firewall rule stays effective until I reboot the unit. It is very odd and very difficult to check the changes I am making...
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
As I was Googling for a similar issue, I found this. I believe this is due to the very same cause or bug. As my case, a change made to the unit will not be reflected until rebooting it. My issue is very same. Please look at the link. Thank you...
I apologize for I have mislooked that part on your initial post. Since the same problem is still present using the latest firmware and you have already done troubleshooting steps to isolate the problem such as doing a factory reset then reconfigured the SRX5308 from scratch, for me, it seems that its a hardware fault on the firewall.
I suggest you to open a chat / online case with NETGEAR Support. Kindly state your concern and the troubleshooting steps you've done to isolate the problem. Attach a .pdf or .doc copy of the Proof of Purchase or Sales Invoice of the SRX5308 for warranty verification. If ever the hardware warranty is still valid, an online replacement will follow.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Thank you for the kind offer of replacement under the hardware warranty.
However I doubt that the issue is a hardware fault. I have TWO SRX5308s and I always test on both units. I have reset them to the factory default and MANUALLY configured from scratch on both units. If it is a hardware fault, I should not observe the same issue on both units. I hope you would agree... Thank you
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
As an additional information, this behavior can be seen in many settings. For example, after enabling the syslog with a given Syslog server IP, DISABLE it and click Submit. The SXR5308 is still sending the Syslog data to the server. Then I changed the Syslog server address in SRX5308 as part of the test and click Submit (Save), it is still sending to the original server IP, the IP that I already removed from the Syslog menu . In other words, majority of settings (there are some changes that reflect without rebooting though) requires the unit reboot in order for a new setting to be reflected.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
I conducted another test this morning.
On a running IPSec VPN tunnel vpn pollicy, I disabled it via the web management page. It was disabled all right. HOWEVER, when I enable it back, it appears that it took a command on the web page and SSH status, but the operation is still disabled state as I look at the VPN log. It keep saying "Could not find configuration for xxx.xxx.xxx.xxx[500]" I tried enabling/disabling thru SSH but the result is very same.
Again, once the unit is hard rebooted, the enabled state takes effect. This behavior is observed not only in IPSec VPN but also in many other settings such as Firewall and Syslog settings.
Does anyone experience this same symptom and found any workaround?
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
As I mentioned earlier, the issue found in different thread indicates that SRX5308 has the same potentioal problem.
Changes made to the SRX5308 does not seem to reflect the operating configuration. It appears that it reflets only the GUI appearance and once the unit is hard rebooted the operating configuration takes the new changes.
The forum thread you have shared has a different concern wherein the user mistakenly enabled a scheduled reboot on his SRX5308 then he disabled it then the problem came up that even after disabling it, the SRX5308 still reboots on the specific scheduled time. The user did a manual reboot but it did not take effect and finally decided to reflash the firmware.
Let me add that I have inquired this forum thread to a higher tier of NETGEAR Support and the issue you have described here is not present on the SRX5308 they have. It was suggested to try using other PCs to make changes on the settings of your SRX5308 via its web-GUI to isolate the problem.
Also, since you have observed the problem on your two SRX5308, I would agree that a replacement might not help. However, I suggest that you open a chat / online case with NETGEAR Support if ever using other PCs did not help and your concern would be possibly get escalated to the engineering team for further investigation.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
I have contacted them but they required me to purchase the support license in order to look at their own bug. I am not very satisfied with the direction of their assistance but I guess I will have no other option...
Thanks for the update. I apologize for the inconvenience this has caused you. However, let me inform you that a new firmware version has been released for the SRX5308 which is v4.3.5-3. You may want to try to upgrade the firmware of your SRX5308 to v4.3.5-3. Be reminded to perform a factory reset on the SRX5308 after upgrading its firmware then reconfigure it from scratch in order to start clean using the latest firmware version. You may download the latest firmware v4.3.5-3 here.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
I have been using FW 4.3.5-3 for some time but the issue is still observed as being reported originally. I am sorry but this is a bug in the firmware from the fact that all my attempts to isolate the problem failed. I have tried all you have suggested on both of my SRX5308 units. I feel I am at dead end now. Any more advice?
I apologize for the inconvenience this has caused you. I believe that all of the troubleshooting steps were already exhausted. If ever the 2 SRX5308 you have are still within the hardware warranty, I suggest you to open a chat or online case with NETGEAR Support and let them know your concern. You might need to submit a .doc or .pdf copy of the Proof of Purchase or Sales Invoice of the 2 SRX5308 for warranty verification. If ever the 2 SRX5308 are still within hardware warranty, an online replacement will follow.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Thank you for your response and advice.
However, I am afraid that replacing both units will not resolve the issue, because both units behaves the same way. And I factory reset both units and manually re-programmed from scratch. When I called Netgear support and reported this buggy behavior, I was asked to pay $ to do anyting beyond. I am really stuck. Can you remotely diagnose? Thank you.
We do have a working SRX5308 in our laboratory. What I can do is load the config file from your SRX5308 to our SRX5308 and check if I'll encounter the same problem as yours. Kindly send me the config file of your SRX5308 by providing me a download link. Be reminded to give me the password or change the password to the default password before sending me your config file so that I could login to the web-GUI of our SRX5308 once I load the your config file to check the configuration as well.
Re: SRX5308 - Requires REBOOT every time setting changed in Firewall or IPSec VPN.
Thank you for offering that option. I feel confident about such approach. Are you by any chance in SoCal? If so I will bring my SRX5308 over to your facility.
