Boot loader updates (SGOS 6.5.x and 6.6.x; Advanced Secure Gateway 6.6.x)

Products

Asset Management Solution Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

SGOS 6.5.9.11, SGOS 6.6.5.1, and Advanced Secure Gateway 6.6.5.6 introduce the following boot loader changes:

You can use it to restore factory defaults to your ProxySG or Advanced Secure Gateway appliance using the new command r.
The boot loader informs you when a system image is corrupt, allows you to remove corrupt images from the list of system images, and logs the corruption.
You can use it to regenerate lost system-image metadata.

Overview:

Restore Factory Defaults

When you use the command r, the boot loader generates a marker file that marks the system for re-initialization. After you mark the system for re-initialization, you select a system image to boot. The system image you select must have an operating system version (SGOS 6.5.9.11 and later; SGOS 6.6.5.1 and later; Advanced Secure Gateway 6.6.5.6 and later) that can detect the marker file. If the system image cannot detect the marker file, the factory defaults are not restored.

Note: The following procedure includes screenshots of the ProxySG CLI, but the steps apply to both ProxySG and Advanced Secure Gateway appliances.

To restore factory defaults:

Connect to the appliance’s serial console and reboot the appliance.
In the CLI, press the space bar before the five-second timer expires.
Type r at the command prompt (This will enter system in diagnostics mode). The CLI displays a warning message.

Warning message that states the appliance will be marked for re-initialization.

Type y. The CLI displays a message stating “System successfully marked to re-initialize on next boot” and a list of system images to select from.

Note: After you select a system image in the next step, you cannot end or revert the re-initialization process. To end the current re-initialization process, type the command r.

To select a system image from the list, enter the system number (the number next to the version of SGOS/Advanced Secure Gateway). The boot loader boots and re-initializes the selected system. Factory defaults are restored to your appliance.

Note: The following example shows the output from a ProxySG appliance CLI. Refer to the Additional Information section in this article for an example of the CLI output from an Advanced Secure Gateway appliance.

Corrupted System Images

How the boot loader handles a corrupted system image depends on where the corruption has occurred in the image. The two areas of corruption are the header and the body of the system image.

Corruptions in the Header of a System Image

If the corruption occurs in the header of any system image, the boot loader does not include the corrupted image in the list of available system images. Instead, it displays a message stating the system image is invalid, and an error is logged in the boot loader audit log.

If the corrupted system image is the default system image, the boot loader also selects the most recent successful system image and starts the automatic boot sequence.

Invalid system message is displayed when there is a corruption in the header.

Corruptions in the Body of a System Image

Note: The boot loader does not detect corruption in the body of an image until you either select and attempt to boot the corrupted image or the boot loader attempts to boot the default system image.

If the corruption occurs in the body of a default or selected system image to boot, the system image does not boot and the boot loader displays a message stating the image verification failed. The error is logged in the boot loader audit log. The boot loader removes the corrupted image from the list of system images and boots one of the remaining system images from the list.

Message stating the boot system failed to boot.

Boot a Recovered System Image

If information about the installed system images has been lost, the boot loader might be able to recover some of the images. When information in the installed system images has been lost, the CLI displays this warning message:

*********************************WARNING***********************************
Some information associated with the installed system images has been lost:

The appliance is missing some information associated with the
installed system images:
- Default boot system
- Locked system images
- System images to be replaced
- Last successful boot time and status of each image

You can boot one of the recovered images listed below.  After successfully
booting the appliance, you can use the #(config) installed-systems command
to specify the default boot system, which images to lock and the next image
to replace.

To restore the appliance configuration to factory defaults instead of
booting a recovered image, press R or r at the image selection prompt.
*********************************WARNING************************************

To boot a recovered system image, enter the system number (the number next to the version of SGOS/Advanced Secure Gateway) of the image you want to boot.

For further information on the #(config)installed-system command, refer to the “Privileged Mode Configure Commands” chapter of the Command Line Interface Reference. (Commands are the same for the Advanced Secure Gateway appliance).

Resolution

Perform re-initialization for corrupted images or device stuck in boot loop as procedure mentioned above.