This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rollback Firmware Procedure

I've seen this asked previously in the Astaro site but never saw any real answers. I would like to know...

Is there is a clear concise procedure (written in noobese) that we can follow to EASILY rollback from these too frequently unbaked steaming piles of stinkpie that Sophos "devs" seem so found of throwing on us?

What if your backup is older/newer than available ISO's?

What additional steps (if any) in a HA environment?

Here is what I've gathered so far, please correct me as needed and please let me know if there are any shortcuts:

1. BEFORE running UP2Date do a manual backup of your configuration file and export it off device (email, etc...) and place it on root of USB Flash drive.

2. Check which versions have ISO available and download version that precedes your backup... https://www.sophos.com/en-us/support/utm-downloads.aspx

3. Follow these steps up until the last part about rebooting with your config file... https://www.sophos.com/en-us/support/knowledgebase/115879.aspx

4. Run UP2Date manually to bring UTM up to your version of configuration file

5. Reboot the UTM with your recent configuration backup in the root folder of a USB Flash drive, and the UTM will automatically apply your configuration backup.



This thread was automatically locked due to age.
  • In a nutshell, you got it. There is no true rollback, as files replaced/updated by up2dates are not stored.

    "What if your backup is older/newer than available ISO's" You can install a config backup from older versions, but not newer. Let's say you only have a config backup from 9.318, but need to install from a 9.317 ISO. In this case, you'd need to be on 9.318 to use that config-backup. It behooves you to keep a number of config-backups, going back a few versions in case needed.

    "What additional steps (if any) in a HA environment". All UTMs in a cluster/HA need to be on the same version to sync. Just get the slave on the same version as the re-installed/re-configed master, then you can hook it up. It'll be detected by the master and applicable files, including the config will be synced over.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Thanks Scott, now I know I'm not missing out on some simpler procedure. Not the answer I was hoping for, but expected.

     “Stay paranoid, my friends.”