PLEASE READ Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre) for the latest updates.
We'd love to hear about it! Click here to go to the product suggestion community
We have an older 220 UTM physical unit at our sister facility. We recently purchased a new UTM 230 to replace it. Couple of questions I have on the process of doing this:
Can I load a backup config taken recently from the 220 and load it on the new 230? The 220 is on firmware version 9.506-2, while the new 230 is on version 9.500-9. Should I upgrade the firmware on the 230 first?
Do I need to go to licensing manager and upgrade the 220 license and upgrade it to a 230 license? Will this effect the active 220 unit? Do I need to do this first thing?
Will it be a problem if I load the backup config onto the new 230 while the 220 is still active in our sister site?
Just wondering what is the best practice for performing this upgrade. Thanks in advance
I would upgrade the unit to the latest firmware (just in case there is an issue).
to load the config on without "Unique Site Data" - may just be what you need when you create a backup
I would also create a test environment first, test it all (most) out first prior to deployment.
if both are active then there may be problem with duplicate IPs ... yeah I know that's obvious.
for a license I would probably create an 30 day evaluation license, "to try before you buy"
downgrading and upgraded license is a pain, and Sophos don't like doing it.
have a look at the following article, it may help.
In reply to JasonFell:
Jason, I have a different process for this scenario.
It is indeed necessary to have the new unit at the same or newer version. When a license is upgraded from a 220 to a 230 on MyUTM, there is no effect on the existing 220 license. I would download a copy of the 220 license before upgrading just in case I needed to re-apply the license in the 220. Only we Sophos partners can create trial licenses, but because of the foregoing, he won't need one. In any case, the expiration date of his 230 license will not be affected whether he upgrades sooner or later.
Here's my recommended procedure for an upgrade or a replacement for a dying unit:
1. Do a quick, temporary install so that the new device can download Up2Dates if needed.2. Apply the desired Up2Dates (stop at 9.506 today) and do a factory reset.3. On the current UTM in use, on the 'Hardware' tab of 'Interfaces', assign the MAC as the Virtual MAC for the NICs in use.4. Create a backup and load it onto a USB memory stick.5. Reboot the new device with the USB memory stick in place and remove the memory stick after the boot is complete.6. Connect a PC to the new device, upload the license for the new device and then disconnect the PC, leaving the new device powered up.7. Power down the old device and move the cables to the new device. Done.
Cheers - Bob
In reply to BAlfson:
Never thought of doing it that way, ingenious.
I'll remember that one, thanks