Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Subscribers 41 subscribers
  • Views 2963 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to avoid a double reboot when doing a Sophos XG Firmware upgrade?

Moltron5k

Hi - I have 2 550 firewalls in HA and at one point years ago I think I uploaded a .sig firmware file and did the upgrade that way which ended up rebooting both firewalls at once.  Since then I just wait till there's a popup window saying there's an update, and proceed to download and install without doing a manual upload.

We're not ready to move to v19 of the firmware, and would like to move from 18.5.2 to 18.5.4, which does show up on the firmware tab in the GUI.  So does the v19 firmware as well.  It doesn't seem like it should make any difference clicking install to the 18.5.4 firmware vs. the v19 when it comes to the HA and how the upgrade process works.  I would expect it to reboot one at a time.

To me - the documentation isn't really clear on what actions will cause both firewalls reboot at once.  I'm used to a few seconds of outage for these tasks, and want to avoid a 25 minute outage.

Can anyone clarify this for me? I don't want to be surprised by a large outage.

Thanks!



This thread was automatically locked due to age.
Parents
  • 0

    Hi Moltron5k,

    As stated with the link provided by Bharat. Therefore it won’t cause an outage.

    When you upgrade an HA device, the process is as follows:

    1. The primary device (device A) upgrades the secondary device (device B).
    2. Device B runs the new firmware and takes control of the network. It's now the primary device and device A is the secondary.
    3. Device A then upgrades and runs the new firmware. It's still the secondary device, but if you have configured the other device as a preferred primary, then the cluster will failover.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Erick Jan

    Thanks for the responses.  I think I need to rephrase the question.  Is there an upgrade scenario where both firewalls reboot at once while in HA mode?  This happened to me while in HA mode and I just can't remember what steps led to that situation.  I'm pretty sure firmware was manually uploaded in that case.  It was a few major versions back so maybe improvements have been made to eliminate this scenario when in HA mode.

  • +1 in reply to Moltron5k
    Moltron5k said:
    Is there an upgrade scenario where both firewalls reboot at once while in HA mode? 

    During the HA Firmware upgrade, both Sophos XG will not reboot at once, HA firmware upgrade is followed by the upgrade process as per the link shared earlier.

    So, therefore, it won’t cause an outage, however, you might face the issue as you have manually uploaded the firmware  Download firmware from Sophos Licensing Portal  as you might not follow Sophos releases firmware updates through a phased mechanism, described here with manual uploading firmware.

    https://community.sophos.com/sophos-xg-firewall/b/blog/posts/firewall-firmware-release-process-and-timeline

    As you informed both firewalls rebooted once with the manual update which is not possible without human error, you would have registered the ticket with Sophos Support on the same day issue to find the root cause.

    It would be great if you create a ticket for HA update with Sophos Team they will boot the Firewall with the latest firmware for you. 

    Thanks and regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data
Unfiltered HTML