- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
EX SSL-VPN: Policy Replication fails on 10.6.3
03/26/2020 
5 People found this article helpful
118,410 Views
Description
EX SSL-VPN: Policy Replication fails on 10.6.3
Resolution
Problem Description:
Policy replication fails with high number of ACL rules and resources.
Post upgrade to 10.6.3 when we replicate the master says replication failed. On the recipients it logs a successful replication but the changes are left as pending and don't apply.
Also we get Java errors in AMC console until we restart mgmt-server.
*****snippet of management.log***********
Nov 27 05:24:27 127.0.0.1/127.0.0.1 AMC: 2013-11-27 05:24:27 +0000 WARNING com.aventail.mgmt.gbladmin.conversations.SenderConversation - Connection failure trying to start replication conversation: ; nested exception is: <167> java.net.ConnectException: Connection refused
Nov 27 05:24:27 127.0.0.1/127.0.0.1 AMC: 2013-11-27 05:24:27 +0000 ERROR com.aventail.mgmt.gbladmin.conversations.ReplicationSenderConversation - Policy replication to lab-internal-3 failed with error: CONNECTION_FAILED
Lot of Java exception errors.
There were java memory errors in: receiver-management.log:
Dec 3 05:20:04 127.0.0.1/127.0.0.1 java.lang.OutOfMemoryError: Java heap space
Dec 3 05:39:36 127.0.0.1/127.0.0.1 java.lang.OutOfMemoryError: GC overhead limit exceeded
Nov 27 05:26:49 127.0.0.1/127.0.0.1 AMC: 2013-11-27 05:26:49 +0000 VERBOSE com.aventail.mgmt.sql.Sql - Query to obtain local user list took 0.211 seconds
Nov 27 05:26:50 127.0.0.1/127.0.0.1 AMC: 2013-11-27 05:26:50 +0000 ERROR com.aventail.mgmt.gbladmin.conversations.ReplicationSenderConversation - Policy replication to cpu3-lab-internal-4 failed with error: INSTALL_FAILED
Nov 27 05:26:57 127.0.0.1/127.0.0.1 AMC: 2013-11-27 05:26:57 +0000 WARNING com.aventail.mgmt.gbladmin.conversations.ReplicationSenderConversation -
Resolution/Workaround:
Tracking ID DTS #137424
SonicWall engineering fixed the issue with a workaround (Hand edit) along with a test hotfix. Please contact Technical support for the test-hotfix.Root cause of the problem is JVM Out Of Memory during replication. To increase the memory allocation, please do the following on BOTH sender and receiver(s) nodes:
1. edit /usr/local/app/mgmt-server/bin/start.sh (line 107: add -Xmx512m after $JAVA_HOME/bin/java)
(start.sh attached)
2. #/etc/init.d/mgmt-server/restart
3. Try replicate, we should be able to replicate successfully.
Note: This is officially fixed in 10.6.5 and 10.7.1 already
Related Articles
- Unsupported features in 12.4.0/12.4.1 firmware.
- Deprecated features in 12.4.0/12.4.1 firmware.
- Client certificate enforcement not working on MC for IOS and MAC.
YES
NO