Jump to content


Photo

Current global COVID-19 situation


This topic has been archived. This means that you cannot reply to this topic.
6 replies to this topic

#1 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts

Posted 01 April 2020 - 07:53 AM

Hi all,

We are obviously aware (as is everyone else!) of the rapidly-changing situation regarding the COVID-19 coronavirus. We're aware that many of you will have switched to a remote working scenario by now, and that there is no immediately obvious end date to this. We have done the same, and although remote working has always been a large part of the way Barracuda operates, due to the large scale and zero notice there have been some "teething issues" as I'm sure you have all experienced.

 

With that in mind, after some tweaking and testing, I am currently in the process of rolling out a patch for all BVS appliances with >2GB of RAM installed in order to attempt to increase the performance and stability of in-field appliances during these unprecedented times by freeing up more memory for use by the SSL VPN service. If your appliance has 1GB of RAM then I'm afraid there is nothing we can do - this small amount has basically zero headroom. This includes:

  • physical 180/280 appliances
  • some early revision physical 380 appliances
  • any virtual appliances where you have NOT increased the amount of RAM available from the default 1GB that the VM image is configured with

When your appliance picks up this patch, if it is a candidate for this change, you will receive an email (to the address you used as the System Contact Address) letting you know it has been applied, and warning you that your appliance needs a reboot to make this active.

 

My testing looked good, early customer feedback looks good, so this will be rolled out slowly to the 2.6.2.8 and 2.6.2.9 firmware versions over the next couple of days. If this change improves things for you, that's great. If it does not, then it should never be harmful, so there is nothing lost either.

 

However, I need to clarify - this is still a legacy product, and nothing changes with regards to the end-of-life/end-of-support dates. This is very much a "last ditch" effort in order to try and help people through this difficult situation as we're aware that while the end date for the legacy SSL VPN is approaching, with the worldwide disruption this is not the time to want to evaluate a new appliance nor rip out your working SSL VPN solution.

 

Thanks!



#2 Finlay Morgan

Finlay Morgan
  • Members
  • 10 posts

Posted 02 April 2020 - 09:12 AM

The situation is deteriorating everyday because of Covid-19. 



#3 Joseph Smith

Joseph Smith
  • Members
  • 1 posts

Posted 03 April 2020 - 06:43 PM

Hi, I have firmware version 2.6.2.7 and if I upgrade the firmware it then requires that all of the clients update their agents.  So we would have to have all of our users install the new agent.  That is not something that we can do.

 

I notified support that this device is not able to support even 10 users without locking up.  I was told this patch would fix this but I was not told it would not work with my current version of the firmware.  I also have 3 other ssl 380s that are working flawlessly each with over 30 users.

 

I do have a support contract for this device.

 

Please help by making this patch available for 2.6.2.7 or help me fix my device.

 

Thank you 



#4 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts

Posted 04 April 2020 - 02:11 AM

The problem we have here is that I have no 2.6.2.7 boxes left to test with, as 2.6.2.8 has now been on 100% general availability since April 2017 - three years ago. For the most part, anyone who hasn't upgraded the firmware on a security appliance in three years either doesn't have the subs anymore, or just isn't using the device anymore, so we don't generally release anything for firmwares older than this because running a less than three year old firmware for your security device kind of seems like it should be a given.

 

If you're willing to open the support tunnel and private message me your previous case number which will contain the details and the serial number of the box, I will investigate on Monday whether this can be done on your 2.6.2.7 appliance or not. However I make no guarantees about a) whether it can be done or B) whether it will help.



#5 Darren

Darren
  • Members
  • 4 posts

Posted 08 April 2020 - 09:51 PM

This patch broke our 280. Now what,



#6 Darren

Darren
  • Members
  • 4 posts

Posted 08 April 2020 - 09:59 PM

Called support end they said end of life. So let me get this right. You proactively push a patch to my appliance, break it, but won’t help restore it?



#7 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts

Posted 09 April 2020 - 01:05 AM

This patch broke our 280. Now what,

 

You're going to have to be a bit more specific here...what does "broke" mean? Only one specific hardware revision of 280 will have had any changes made, I said in the first post that all 280s had 1GB of RAM and therefore nothing would change for them. It turns out there was one final hardware revision of 280 that had 2GB. If you have one of those then a change will have been made that the appliance is capable of handling. If you don't have that revision, then nothing was changed on your appliance.

 

Called support end they said end of life. So let me get this right. You proactively push a patch to my appliance, break it, but won’t help restore it?

 

The appliances are coming up for end of life in December, but are not yet end of life. Like I explained in the first post, this patch is a "last gasp" effort to try and help customers experiencing reliability issues. Let me explain the thought process here...

 

What I would like every SSL VPN customer to do is to migrate to a CloudGen Firewall before the end of support date in December. I believe our Sales/Renewals teams have been contacting customers with active subscriptions and offering a "trade-in" to swap for a CloudGen Firewall with equivalent subscriptions. However the current COVID-19 pandemic means the literal opposite is happening; instead of customers looking into migrations, they're out-of-office (some working from home, some unfortunately furloughed and no longer actively working) and unable to get physical access to their network for evaluating a new device. Not only that, but people are bringing back online decommissioned appliances because they're now desperate for remote access capacity. Our online appliance stats which SHOULD be trending down ready for the end-of-support date on December 1st is holding flat or actually increasing slightly because some customers currently have no choice but to power their old, legacy SSL VPN back on.

 

So with that in mind, knowing that almost no one will be starting to evaluate the Firewall for the next few months while the various "stay in place" orders are in effect around the world, and knowing that customers will now be relying on these old appliances I got permission to make a change to try and solve some of the scalability issues we've seen. However the change is only made on appliances which have the resources available, which excludes all 280s apart from the final hardware revision - these are untouched and will run exactly as they used to.

 

What I would suggest for you is that you send me a private message with your Salesforce case number in it, and I will look into this for you. This will have all the details of your issue which you didn't provide here, and it will have all the history between you and our technician so I can see what's been discussed. I am 99% sure that this will turn out to be some kind of coincidental fault because only a handful of 280s will have any change in behaviour, but I will look over it myself for you and if there's any remote chance that this fix I pushed out could have caused it, I will undo it in order to restore the previous configuration.