HA : salve sg-8860 red status

  • Hi,

    I have a cluster of SG-8860.
    It is in production since 2 years without any problem.

    Yesterday, I add a new VIP on the master unit and my slave unit crashed.

    The slave pfsense sg-8860 was shutdown.
    I restart it but the status and sata activity light are red.

    I connected the console cable and used putty but the terminal show nothing. (I'm sure about the configuration because the terminal is working on the master unit)

    I tried the reset buttom but nothing happened.

    Note : This unit is not under guarantee anymore

    Do you know if there is way to recover this pfsense ?


  • Rebel Alliance Developer Netgate

    Contact Netgate at https://customercare.netgate.com/

    Even if that is out of warranty there is likely something we can do to get you back up and running.

  • i also have the same red lights on my sg-8860. any solution?

  • Galactic Empire

    Please contact our support so they can have a look. Simply submit a ticket at the following link, and someone will be able to assist https://go.netgate.com/support/login

  • Just out of curiosity, if we've updated the coreboot on 2440/4860/8860 devices, does that prevent the C2000 AVR54 bug from killing the box? I thought the answer was 'yes' but I still see people showing up and reporting dead units. Is it just that they were running the old BIOS?

  • Galactic Empire

    The coreboot update is for AVR50. See this post by Jim for more details. Unfortunately, as with other vendors, there's no software fix for devices that experience failure related to C2000 bug. The coreboot update fixes a different issue instead. There's a limited amount of information available, as we're under NDA with Intel, however see this blog post for more details, specifically this:

    Although most Netgate Security Gateway appliances will not experience this problem, we are committed to replacing or repairing products affected by this issue for a period of at least 3 years from date of sale, for the original purchaser.

    To this day I run a 4860 from the first and affected batch of units without any issues. I can't recall an exact date, but in short time after C2000 bug details were revealed, all the C2000 based units we sold had a hardware workaround applied. So what you're seeing today is just a small percentage of the units we've sold years ago. All of which are under extended warranty.

    Here's a very good summary of all the details we've published about the C2000 issues.

  • Ok, thanks @ivor - I mis-understood then. Thought somehow that the coreboot update prevented the bricking. I've got a 4860 at home that's working great too.

    Is there any way to tell from the Serial# or Netgate DeviceID if a particular unit has the hardware workaround? I've got some out in far-away places and would like to swap them out to avoid a costly trip later.

  • Galactic Empire

    Sorry, but we don't do advanced replacements. If the unit fails within the extended warranty we can replace it, but not in advance. You can still check if the unit is with the hardware workaround by contacting our support though.

  • I wasn't asking for any replacements... I meant I would take firewalls we have in stock and swap them out ourself ☺

  • Galactic Empire

    I figured but, as this is a public forum, I had to make sure others who read it don't misunderstand :)

    Please contact our support, reference this thread and they will be able to assist. If you encounter any hiccups just let me know and I'll explain to our support about what you're after. :) Thanks!

Log in to reply