Migration From XG 210 To XGS 2100

Hello:

I am getting ready to migrate from 2 XG 210 firewalls in active/passive mode to 2 XGS 2100 firewalls and I had a couple of questions on the setup.

The XG 210 are both running SFOS 20.0.2 MR-2-Build378. I know that I need to upgrade the firmware on the XGS 2100 to match.

According to the Quick Start Guide, I need to connect the MGMT port on the XGS 2100 to our internal network with the IP address of 10.0.1.1/255.255.255.0. However, our internal network uses that exact IP address scheme (10.0.0.1/255.255.252.0). I can get the XGS 2100 to use the IP address it wants, but it is under a different subnet.

What would be the best way to approach this so I can get the firmware upgraded on the XGS 2100?

Thank you.



Added TAGs
[edited by: Erick Jan at 3:49 PM (GMT -7) on 12 Sep 2024]
  • My approach is:

    Get a stick ready with the newest firmware and perform a "Stick boot" reimage. You do not need a monitor; you can simply boot the appliance with the stick, wait 5 minutes, and it will have V20.0 MR2 installed.

    With V20.0 MR2 installed, you perform a Zero Touch Deployment with both appliances. TL;DR: You go to Sophos Central, enter the serial number, and do the initial wizard.

    Then you go to your network and plug in the firewall to WAN within your network, which has DHCP. For example, like you would plug in a PC in your network.

    The firewalls will boot, get a WAN IP and go to Central. Then they will configure themselves and be fully reachable via Sophos Central.

    The next step depends on your liking: I always say, connect both appliances with a cable and build an HA. So you have an HA in the network. (One important part: Change the Cluster ID from 0 to some number!)

    You can do all those steps without any problems in your network or downtime.

    And now, plan your downtime: via Sophos Central, log in to the firewall, restore your backup, and then switch the appliances (XG to XGS); use the same cables or change your cable setup as you need it. Done.
