Patch status of the firewall

5

The patches for the firewall have four states: Idle, Activated, Deactivated, and Running.

Other related questions:
Upgrading the firewall patch
Delete the patch of the old version, load the patch of the new version, and activate it. The hot patch does not require the device be restarted. For operation details, see the relevant patch release notes and upgrade guide.

Number of patches that can be stored on the firewall
The patch saved in the patch area is numbered uniquely. Up to 200 patches can be saved to the patch area in the memory of the MPU or LPU.

Monitoring OSPF and BGP status on the firewall
Perform as follows to monitor OSPF and BGP status on the firewall: 1. Choose Network > Route > Dynamic Route Monitoring Table. 2. On the OSPFv2 Route List page, view detailed OSPFv2 route information. 3. On the BGP Route List page, view detailed BGP route information.

Whether the firewall needs to be restarted during patch upgrade
The hot patch does not require the device be restarted, but the cold patch does require.

Problem and solution when the OSPF status is abnormal
To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps: 1. Check the OSPF status. Check whether the OSPF neighboring relationship can be established between the firewall and the peer device. 2. If no, check the security policy configuration. Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function. To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded. For details, see OSPF can not step into full state caused by security policy deny.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top