Originally, we had the automatic System/Module/Security updates enable in Module Admin.
That broke stuff.
Then we switched on only Automatic Security Updates.
That broke stuff.
We have manually applied Asterisk updates when there had been no reported issues.
That broke stuff.
Now we wait until a week to10 days and watch the forums for issues.
Then we use the following CLI script on our office Test PBX and run it for a few days prior to updating production systems.
yum -y update
fwconsole ma updateal
fwconsole chown
fwconsole r
fwconsole restart
As these are production servers, I won’t run the edge track.
This Firewall bug didn’t show up in the forums, nor did it show up in our own testing. It reared it’s head when letsencrypt ran on two production servers. (The problem has now shown up on two servers)
We have experienced many problems upgrading production servers over the last year and are very careful when rolling out upgrades.
This latest bug caught us by surprise. We have found the new bug to be when Letsencrypt runs, it turns off Firewall 15.0.6.18.
Downgrading the firewall to 15.0.6.11 “seems” to have resolved this problem but it is too early to tell as of yet.
I’ll update this post if the downgrade stops the firewall deactivation issue.