Downtime during HA Active-Passive setup

Hello,

I took over a Sophos installation from a previous admin and the way they set it up is a bit problematic. We have two UTM SG230 appliances, but one is always kept as an offline spare. This makes updates always a pain, especially since we cannot be down for any period of time.

Because of that, I want to add the secondary UTM as a Failover Host. What I absolutely cannot do is bring the network down with it.

So can I add a Failover Partner without downtime on the current master?

What steps would you suggest I take, and in what order, to get this running as smoothly as possible?



  • Hi  

    We would request that you perform the HA configuration operation during off hours, to be on the safe side.

    The provided configuration link has all the details required to configure HA in Sophos UTM 9.

    https://community.sophos.com/kb/en-us/133642

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • That would be easy. I know how the HA setup works. I have the problem that I have no downtime windows. I wish that was different but I can't change that for the moment.

    If you tell me it is not possible without downtime I will just leave it for now, but I hoped it was possible.

  • Hi  

    I have confirmed with my team and found out that you can configure HA without any downtime. Please configure the Slave device as per the required HA configuration and verify the Master device's HA configuration, put the Slave device into the network, make the connection and enable HA from the Master device, and it will come up without any downtime for the Master device.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hallo Christopher and welcome to the UTM Community!

    I agree that it's unlikely that there will be a problem caused by bringing the units into High Availability. In addition to the KB, here's the prescription I gave to a client that had purchased a new SG to use for High Availability:

    1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
    2. Apply the desired Up2Dates, do a factory reset and shutdown.
    3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
       a. Enable Hot-Standby
       b. Select eth3 as the Sync NIC
       c. Configure it as Node_1
       d. Enter an encryption key (I've never found a need to remember it)
       e. Select 'Enable automatic configuration of new devices'
       f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
    4. Cable eth3 to eth3 on the new device.
    5. Cable all of the other NICs exactly as they are on the original UTM.
    6. Power up the new device and wait for the good news. ;)

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA