
Hardware replacement of cluster SG230v1 to SG230v2

Hello,

I have to replace a cluster of 2 Sophos SG230v1 UTM in production with a brand new cluster of Sophos SG230v2 I have just received.

I am preparing the replacement process but I cannot find a thread that talks about this subject on the forum. Is there any process somewhere?

 

Here is what I am thinking of doing:

- Upgrade the firmware of the SG230v2 to the same version as the SG230v1 in production

- Load the configuration of the SG230v1 to the SG230v2 cluster

- Load the new licence key in the Sophos SG230v2

When the 2 new Sophos SG230v2 are ready, unplug the old appliances from the network and plug in the 2 new ones

Is this a correct process?



  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    1. Ensure the firmware version on the new SG is matching the firmware on the old SG devices; if not, update the new devices. Firmware backup will only work if the firmware on the new SG is an equal or higher firmware version.

    2. Access one of the new SG and apply the license file. If you have an Active/Passive cluster, you will need a license for only the Active/Master unit. 

    3. Ensure that the master node’s configuration has the appliance selected as the preferred master.

    4. On the auxiliary node to be added, Eth3 should already be configured for Automatic Configuration; if not, configure the HA operation mode for Automatic Configuration.

    5. Replace the old SG with the new SG.

    6. Connect the appropriate cables to match the master configuration along with the interface to act as the HA link.

    7. Syncing should now begin with the connected appliances.

    Thanks,

  • Hello,

    Thank you for your answer. I have understood steps 1, 2 and 3 (firmware, license and preferred master) but I am not sure I understand steps 4 to 7:

    You need to shut down the old SG auxiliary, plug the new SG auxiliary to the old SG master node and then there is a sync of config.

    When sync is finished, you shut down the old SG master and then plug the new SG master which will synchronize its config with the new SG auxiliary.

    Did I understand the process?

    Nicolas

  • FormerMember
    0 FormerMember in reply to Nicolas Muller

    Hi  

    No, you should not be able to connect your new SG to the old SG master as both have different revision numbers; for configuration backup, you have to upload it manually to the new SG device. 

    Step 4: Eth3, by default, is configured for HA Automatic Configuration, so you do not have to configure these settings manually. If you encounter any issue with auto-sync when you connect Eth3 with the primary node, then you have to ensure that Automatic Configuration is set on the secondary unit.

    Step 5: At this point, you should be ready to unplug both your old SG devices and replicate the hardware setup on to the new SG devices.

    Step 6: Ensure all the cables that were connected to the old SG are now replicated on the new primary and secondary SG.

    Step 7: Syncing should now begin with the connected appliances.

    Thanks,

  • Salut Nicolas and welcome to the UTM Community!

    You should not need a new license.  The one in the backup of your v1 device should work just fine in the v2 devices.

    I would not proceed as you suggest in your first post above as you will lose all of your logs and reporting.  Instead, take advantage of High Availability to get an easier, automatic replacement.  I haven't tried this, but I believe it should work:

    1. Apply the Up2Dates in the new v2 units so that they are on the same version as your v1 units, factory reset them and then power them down.
    2. In the Master of the v1 units, in 'Management >> High Availability', shut down the Slave.
    3. Disconnect the v1 Slave, replace it with one of the v2 units, cable it identically and power it up.
    4. Give the units a half hour for the Master to configure the new Slave and duplicate logs and reporting.
    5. When the new Slave is READY, in 'Management >> High Availability', shut down the v1 Master and the v2 Slave will become Master.
    6. Disconnect the remaining v1 SG, replace it with the other v2 unit, cable it identically and power it up.
    7. Give the units a half hour for the v2 Master to configure the new v2 Slave and duplicate logs and reporting.
    8. When the new Slave is READY, in 'Management >> High Availability', you're DONE!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson,

    I have successfully tried the process you have described!

    SG230 revision 1 and 2 are compatible and can be in the same HA config. Synchronization worked well.

    One additional piece of info for others: at step 2, when you shut down the slave, you also have to remove it completely from the cluster. Otherwise, when the v2 unit is discovered by the old v1 master, it will not be integrated into the cluster as there is no more "nodeid" available.

     

    Thank you for your help.

    Nico