Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

update ca -> need reboot ?

AlbertoAlberto Enthusiast ✭✭
in High End Firewalls


I have replace internal CA certificate on NSA6600 HA pair.

After done machine needs reboot:

Status: Ready. Restart of the firewalls is required for changes to take effect. Click here for the staged reboot of firewalls.

Is it correct ?

Other unit like NSA 3600 and TZ500 with this update no needs reboot.

Category: High End Firewalls
Reply

Answers

  • AlbertoAlberto Enthusiast ✭✭

    this is image

    Schermata del 2021-02-24 11-52-19.png


  • shiprasahu93shiprasahu93 Moderator

    @Alberto,

    That does sound correct. Usually, a reboot is required for such a change.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • AlbertoAlberto Enthusiast ✭✭

    I open a ticket to check : Support Case 43627022

  • AlbertoAlberto Enthusiast ✭✭

    because I have this question:

    How many failover if I reboot primary ?

    EX:

    primary active - need reboot

    secondary standby

    reboot primary

    service on standby

    secondary active

    secondary now needs reboot ?

  • AlbertoAlberto Enthusiast ✭✭

    and why no reboot of other my sonicwall 3600 Tz 500 ?

    Is it for SSL VPN (only on 6600) ?

  • shiprasahu93shiprasahu93 Moderator

    Since this message is showing up on the unit due to a certificate change, I think when you click on restart the secondary firewall should restart first and once it is back up, the failover should take place, and then the primary should restart.

    If you do not have preemption for HA, the secondary should stay active.

    I am not entirely sure, why this message only showed up for NSA 6600 and not for others. I have seen that message for the following scenarios:

    1) When the connection settings are changed from DPI to SPI or vice versa

    2) If Local flow collector is enabled

    3) Any hardware related changes made on the diag page

    4) Certificate changes that are used for HTTPS management or SSLVPN.

    Was there anything additional done on the NSA 6600?

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • AlbertoAlberto Enthusiast ✭✭

    support respond me:


    Thank you for contacting SonicWall, I have taken ownership of your Case Number 43627022 - update ca -> need reboot ?


    Yes, once you import certificate the device will ask you for a reboot, please follow below article where the same is mentioned.


    https://www.sonicwall.com/support/knowledge-base/imported-certificates-not-validating/170504637875973/


    Thank you,

  • AlbertoAlberto Enthusiast ✭✭

    I have made reboot yesterday evening.

    initial: primary active , secondary standby

    secondary reboot, after reboot fail over of primary and reboot

    final: primary standby, secondary active.

Sign In or Register to comment.