how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware
Hi,
did someone has been able to go back to firmware version image 1.1.50.39 on a GS724TPv2 that has been upgraded to version 2.0.0.2 ?
My company bought a GS724TPv2 managed switch for a PoC and everything was fine with version 1.1.50.39 and below.
Unfortunately, the switch has been upgraded to Now with 2.0.0.1 firmware, it relentlessly generate SSDP traffic on one port, which is connected to a firewall's interface. Naturally, the firewall is blocking + dropping such traffic. Security team (managing the Sec Infrastructure and firewalls) are on my back because of all alerts and logs filling that switch is generating 😞 The switch has been relocated to a small office LAN segment for the time being. It is less than a year old.
Btw, the intended use for that PoC wasfor an internal network without Internet connectivity so that cloud Insight feature is more of an anoyance besides the security leakage and data collection that feature carries... So is there any other business models that is NOT coming with that Insight gizmut and provide a fine-grained control on various TCP/IP and UDP protocols (like disabling SSDP) ?
I have to find a replacement model (fully-managed 24-ports + GBps SFP ports switch (our client would need 5-10 such switches).
I've read thoroughly HolmesNetworks' post about a similar problem and followed his guidelines, disconnecting the switch from everything, then tried to push 1.1.50.39 firmware into image2 slot, but the switch doesn't recognised/accept the .rom file anymore.
Thanks everyone in advance
Model: GS724TPv2|24-Port Gigabit Ethernet PoE+ Smart Managed Pro Switch with 2 SFP Ports
Re: how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware?
Sorry, I forgot to mention additional details that may be relevant to potential readers:
The switch is registered since the very begining (2019-03-02). Editorial note: I agree with HolmesNetwork that registering process doesn't have to interfere with internal provisioning processes... nor be used as an excuse to push a feature that breaks backward compatibility like that...
The switch works for 2-3 days but after that, ports/links flapping start to occur and the switch need a reset, then goes for another 2-3 days.
Thanks again,
Model: GS724TPv2|24-Port Gigabit Ethernet PoE+ Smart Managed Pro Switch with 2 SFP Ports
did someone has been able to go back to firmware version image 1.1.50.39 on a GS724TPv2 that has been upgraded to version 2.0.0.2 ?
There is no GS724Tv2 firmware v2.0.0.2. I believe you referring to firmware v2.0.1.2. As far as I have checked, there is no issue logged for the GS724TPv2 with firmware v2.0.1.2 as per you have described in your initial post.
My company bought a GS724TPv2 managed switch for a PoC and everything was fine with version 1.1.50.39 and below.
Unfortunately, the switch has been upgraded to Now with 2.0.0.1 firmware, it relentlessly generate SSDP traffic on one port, which is connected to a firewall's interface. Naturally, the firewall is blocking + dropping such traffic. Security team (managing the Sec Infrastructure and firewalls) are on my back because of all alerts and logs filling that switch is generating 😞 The switch has been relocated to a small office LAN segment for the time being. It is less than a year old.
There might be other changes made besides the firmware update that might trigger the problem such as change in the settings of the GS724TPv2 or additional devices connected within the existing network.
It would be best that you download the tech support file of the GS724TPv2. Then, open a support ticket with NETGEAR Support here at anytime in order for the tech support file to be analyzed why the GS724TPv2 generated SSDP traffic on one port that is connected to a firewall's interface.
Kindly read pages 387-388 of the GS724Tv2 user manual here on how to download the tech support file.
Re: how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware
Well possible, the Insight-enabled firmware does announce itself byUPnP (SSDP) and Bonjour to the network. Is there any Web UI control to enable/disable these?
Re: how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware
Thanks Dana for your reply.Really appreciated.
You're right, I have a typo in the firmware version number. it is 2.0.1.2
There is no settings that could generate such traffic or port flapping... The reason is simple: since that firmware upgrade the switch has been resetted to factory default and relocated to an administrative subnet. Yet, it continue to generate SSDP traffic on one interface. After 48-72h, all lights on the front starts to flash, indicating it is time for a reboot...
I'll generate the tech file and contact support.Thanks for the tip.
Kinds Regards,
Model: GS724TPv2|24-Port Gigabit Ethernet PoE+ Smart Managed Pro Switch with 2 SFP Ports
Welcome to Netgear community, SSDP traffic is designed to support Insight-enable on v2.0.1.2, and no option to disable it on GUI, multicast less than 10 packets per sec, so it's harmless when device working in standalone or Cloud mode, it shouldn't cause device flooding or reload.do you see anything else broken beside uplink port traffic light LED flash?
Can I know your topology in more detail? how many other devices are connected?
Internet -- FW -- GS724TPv2 --any additional devices?
v1.1.50.39 is transition image from non-insight support (v1.1.x.x) to Insight-enable image (v2.0.x.x), upgrade path should be v1.1.x.x -> v1.1.50.39 -> v2.0.x.x, however downgrade from v2.0.x.x to v1.1.50.39 is restricted by design, there is another downgrade transition image to support downgrade from Insight-enable to non-insight support image, but it's for internal usage and not posting officially.
Re: how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware
Hi Bruce, Thanks for your answer. Sorry for the delay in my reply. Several things fell on my plate last week...
With firmware 1.1.1.29, to experiment VLANs and trunking were configured with some servers to evaluate switch's capabilities during the PoC. Things went well. Then the ill-advised "firmware updates too far" were applied. without the possibility to go back to 1.1.1.29. Soon after that, security team who manage the firewall brought to my attention the GS724TPv2 switch was poking the firewall other zones's interfaces with SSDP traffic...
Network topology is also simple (see diagram below). The switch was located in our "Purple zone" (aka Lab) zone behind a firewall. The firewall controls traffic to others zones and outside. All traffic being dropped between purple zone and everything else. Links are all at 1Gbps on Cat6 cables. No IPv6.
Under firmware 2.0.1.2, the switch has been reverted to its factory/default configuration. Only NTP and switch's static IP address parameters have been modified. As I wrote previously, the switch has been pulled out from the Lab zone and is now on the side line as we are investigating flapping events and its reboots needs and while the team is deliberating what we'll do next.
Thanks for your feedback, under firewall device, is there any other switch device connected to GS724TPv2? Before pulled it out from the Lab zone, did you see anything broken on GS724TPv2 beside LED traffic flash? e.g. port down, system hang or reload, or port flapping?
Re: how to go back to version 1.1.50.39 firmware from version 2.0.0.1 Insight-ready firmware
Hi Bruce,
nothing's physically broken on the enclosure. switch is securely racked in the server room. There is a GS308E switch physically located in the office area, that is connected to the GS724TPv2. Port flapping occurs from time to time (each 36-48h) , usual sign of failure is when all front LEDs start flashing at the same time. When this happen, a hard reboot resolve the problem... for another 36-48h...
My patience is running thin. I'm looking to replace the switch.
Model: GS724TPv2|24-Port Gigabit Ethernet PoE+ Smart Managed Pro Switch with 2 SFP Ports
