Hi!
I upgrade my NSM (RH 4), first from 2007.2 to 2007.3r4 and then from 2007.3r4 to 2008.1r1. When I finish, I upgrade schema on my NSM2008.1r1. Everything works grate, but when I try start "Summarize Delta Config" I see big problem.
NSM try on all my firewall (42 device: ns5gt, ssg5, ssg20, ssg320, ssg520) unset second routing to the same destination.
For example, first device (A) have 2 network connection to internet(a and b),second device (B) have one netork connection(a) to internet. I have two VPN connection between this device:
- [VPN1] from device (A) connection (a) to device (B) connection (a)
- [VPN2] from device (A) connection (b) to device (B) connection (a)
Second VPN is simply backup VPN.
On device (A) I have two routin:
- to [VPN1] with metric 1 - use tunnel.1 interface
- to [VPN2] with metric 5 - use tunnel.2 interface
On device (B) I have two routing too:
- to [VPN1] with metric 1 - use tunnel.1 interface
- to [VPN2] with metric 5 - use tunnel.2 interface
Everything worked grate (2 year?) but when i update NSM to 2008.1r1 NSM on "Summarize Delta Config" try unset my routing to [VPN2]!
This loks like that:
_____
Config on Device but not on NSM:
set nsm server primary 192.168.1.12 src-interface bgroup0
set vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1 preference 20 metric 5
Config on NSM but not on Device:
Config on both Device and NSM but reordered:
Config to be send to Device on next Update Device:
unset vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1
CA Certyficate to be removed from Device:
CRL to be removed from Device:
______
This is strange because "Config on Device but not on NSM" show:
set vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1 preference 20 metric 5
and this is not true, I have this route on NSM!
That situation is on all my device (42 device)! Device have firmware 5.3, 5.4, 6.0 and 6.1.
I try import device - nothing, try remove device from NSM and add again - nothing, try upgrade device firmware - nothing, try change rights back to root (change in setperm.sh user "nsm" to user "root" and execute the script) - nothing, remove route and add again - nothing.
I don't have any new idea, please help!
[root@nsm2007 ~]# /usr/netscreen/DevSvr/bin/devSvr.sh status
Retrieving status...
devSvrDbSvr (pid 3334).............................ON
devSvrManager (pid 3543)...........................ON
devSvrLogWalker (pid 3704).........................ON
devSvrDataCollector (pid 3868).....................ON
devSvrDirectiveHandler (pid 4050)..................ON
devSvrProfilerMgr (pid 4242).......................ON
devSvrStatusMonitor (pid 4396).....................ON
[root@nsm2007 ~]#
[root@nsm2007 ~]# /usr/netscreen/GuiSvr/bin/guiSvr.sh status
Retrieving status...
guiSvrManager (pid 2221)...........................ON
guiSvrMasterController (pid 2507)..................ON
guiSvrDirectiveHandler (pid 2667)..................ON
guiSvrLicenseManager (pid 2815)....................ON
guiSvrStatusMonitor (pid 2947).....................ON
guiSvrWebProxy (pid 3189)..........................ON
[root@nsm2007 ~]# ps -aux
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2248 560 ? S 14:57 0:00 init [2]
root 2 0.0 0.0 0 0 ? S 14:57 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 14:57 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 14:57 0:00 [migration/1]
root 5 0.0 0.0 0 0 ? SN 14:57 0:00 [ksoftirqd/1]
root 6 0.0 0.0 0 0 ? S< 14:57 0:00 [events/0]
root 7 0.0 0.0 0 0 ? S< 14:57 0:00 [events/1]
root 8 0.0 0.0 0 0 ? S< 14:57 0:00 [khelper]
root 9 0.0 0.0 0 0 ? S< 14:57 0:00 [kacpid]
root 29 0.0 0.0 0 0 ? S< 14:57 0:00 [kblockd/0]
root 30 0.0 0.0 0 0 ? S< 14:57 0:00 [kblockd/1]
root 40 0.0 0.0 0 0 ? S 14:57 0:00 [pdflush]
root 41 0.0 0.0 0 0 ? S 14:57 0:00 [pdflush]
root 43 0.0 0.0 0 0 ? S< 14:57 0:00 [aio/0]
root 44 0.0 0.0 0 0 ? S< 14:57 0:00 [aio/1]
root 31 0.0 0.0 0 0 ? S 14:57 0:00 [khubd]
root 42 0.0 0.0 0 0 ? S 14:57 0:00 [kswapd0]
root 118 0.0 0.0 0 0 ? S 14:57 0:00 [kseriod]
root 189 0.0 0.0 0 0 ? S< 14:57 0:00 [ata/0]
root 190 0.0 0.0 0 0 ? S< 14:57 0:00 [ata/1]
root 194 0.0 0.0 0 0 ? S 14:57 0:00 [scsi_eh_0]
root 195 0.0 0.0 0 0 ? S 14:57 0:00 [scsi_eh_1]
root 219 0.0 0.0 0 0 ? S 14:57 0:00 [kjournald]
root 1096 0.0 0.0 3136 448 ? S<s 14:57 0:00 udevd
root 1162 0.0 0.0 0 0 ? S< 14:57 0:00 [hda_codec/0]
root 1163 0.0 0.0 0 0 ? S< 14:57 0:00 [hda_codec/1]
root 1524 0.0 0.0 0 0 ? S< 14:57 0:00 [kauditd]
root 1585 0.0 0.0 0 0 ? S< 14:58 0:00 [kmirrord]
root 1586 0.0 0.0 0 0 ? S< 14:58 0:00 [kmir_mon]
root 1607 0.0 0.0 0 0 ? S 14:58 0:00 [kjournald]
root 1608 0.0 0.0 0 0 ? S 14:58 0:00 [kjournald]
root 1609 0.0 0.0 0 0 ? S 14:58 0:00 [kjournald]
root 1610 0.0 0.0 0 0 ? S 14:58 0:00 [kjournald]
root 1611 0.0 0.0 0 0 ? S 14:58 0:00 [kjournald]
root 2053 0.0 0.0 3508 632 ? Ss 14:58 0:00 syslogd -m 0
root 2057 0.0 0.0 2028 468 ? Ss 14:58 0:00 klogd -x
root 2109 0.0 0.1 10024 3956 ? S 14:58 0:00 /usr/X11R6/bin/Xvfb -pn :991.0
root 2221 1.9 21.3 962368 551168 ? Sl 14:58 5:01 /usr/netscreen/GuiSvr/bin/.guiSvrManager
root 2507 0.0 1.0 1156688 26216 ? Sl 14:58 0:00 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root 2667 0.2 5.8 1237800 151120 ? Sl 14:58 0:45 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root 2815 0.0 0.7 277276 18192 ? Sl 14:58 0:00 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root 2947 0.4 0.1 9032 5060 ? Sl 14:58 1:13 /usr/netscreen/GuiSvr/bin/.guiSvrStatusMonitor
root 3189 0.0 1.9 233428 50172 ? Sl 14:58 0:04 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
nsm 3334 0.0 0.1 17552 2600 ? S 14:58 0:00 /usr/bin/postmaster
nsm 3420 0.0 0.1 17684 3696 ? S 14:58 0:00 postgres: writer process
nsm 3421 0.0 0.0 9004 2020 ? S 14:58 0:00 postgres: stats buffer process
nsm 3422 0.0 0.0 8172 2044 ? S 14:58 0:00 postgres: stats collector process
root 3543 0.4 0.5 26304 15056 ? Sl 14:58 1:08 /usr/netscreen/DevSvr/bin/.devSvrManager
root 3704 0.7 0.4 25612 12880 ? Sl 14:58 1:59 /usr/netscreen/DevSvr/bin/.devSvrLogWalker
root 3868 0.0 1.8 1839688 48992 ? Sl 14:58 0:05 /usr/netscreen/DevSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root 4050 0.3 6.9 1382600 181024 ? Sl 14:58 1:00 /usr/netscreen/DevSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root 4242 0.0 0.2 22824 6660 ? Sl 14:59 0:00 /usr/netscreen/DevSvr/bin/.devSvrProfilerMgr
nsm 4292 0.0 0.1 18352 5036 ? S 14:59 0:00 postgres: nsm profilerDb 127.0.0.1(32809) idle
root 4396 0.1 0.2 9032 5192 ? Sl 14:59 0:18 /usr/netscreen/DevSvr/bin/.devSvrStatusMonitor
nsm 4404 0.0 0.1 17956 3268 ? S 14:59 0:00 postgres: nsm profilerDb 127.0.0.1(32817) idle
nsm 4407 0.0 0.1 17956 3268 ? S 14:59 0:00 postgres: nsm profilerDb 127.0.0.1(32818) idle
nsm 4830 0.0 0.0 3900 1348 ? S 14:59 0:00 /bin/sh /usr/netscreen/HaSvr/bin/.highAvailSvr
root 6247 0.0 0.0 5824 1712 ? Ss 14:59 0:00 /usr/sbin/sshd
root 6256 0.0 0.0 5788 1120 ? Ss 14:59 0:00 crond
root 6273 0.0 0.0 1992 404 tty1 Ss+ 14:59 0:00 /sbin/mingetty tty1
root 6282 0.0 0.0 1512 404 tty2 Ss+ 14:59 0:00 /sbin/mingetty tty2
root 6283 0.0 0.0 2324 404 tty3 Ss+ 14:59 0:00 /sbin/mingetty tty3
root 6284 0.0 0.0 2976 404 tty4 Ss+ 14:59 0:00 /sbin/mingetty tty4
root 6285 0.0 0.0 2408 404 tty5 Ss+ 14:59 0:00 /sbin/mingetty tty5
root 6286 0.0 0.0 3080 404 tty6 Ss+ 14:59 0:00 /sbin/mingetty tty6
root 26380 0.0 0.0 7040 2244 ? Ss 19:17 0:00 sshd: gnome [priv]
gnome 26400 0.0 0.0 7040 2292 ? S 19:17 0:00 sshd: gnome@pts/0
gnome 26401 0.0 0.0 4600 1372 pts/0 Ss 19:17 0:00 -bash
root 26427 0.0 0.0 5672 1228 pts/0 S 19:17 0:00 su -
root 26440 0.0 0.0 5072 1452 pts/0 S 19:17 0:00 -bash
nsm 26955 0.0 0.0 2600 456 ? S 19:18 0:00 sleep 60
root 27343 0.0 0.0 3724 752 pts/0 R+ 19:19 0:00 ps -aux
Regards,
pkm.