Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.
This thread outlines how to limit downtime when re-imaging Sophos XG hardware appliances that are configured in HA.
Warning: This process will still result in an outage. Please plan ahead accordingly to account for this downtime.
First, download the latest firmware installation image from Sophos Licensing Portal https://www.sophos.com/mysophos
If the firmware version you are looking is unavailable via Sophos Licensing Portal and you prefer to stay on that version, please contact Sophos Technical Support to request for this image. It may take at least two business days for this.
Note: Sophos Support recommends to use latest firmware version. More info: Sophos XG Firewall Release Notes & News
The steps below, assume the following:
To check if an XG firewall in HA is the initial HA primary Node:
nvram get "#li.serial"
nvram get "#li.master"
Step 9 and 10 are to get Node 2 prepared for HA, and they are not necessary if you can properly re-configure IP address of all interfaces on Node 2.
Assume the following
Here is steps to rebuilld HA for RMA of primary node
Step 8 and 9 are to get Node 2 prepared for HA, and they are not necessary if you can properly re-configure IP address of all interfaces on Node 2.
Please run Advanced Shell command service -S | grep msync
2021-09-07, fixed typo
2021-02-17, major update
2020-02-07, first edition