Disclaimer: This information is posted as-is and the content should be referenced at your own risk
This thread outlines how to limit downtime when re-imaging Sophos XG hardware appliances that are configured in HA.
Warning: This process will still result in an outage. Please plan ahead accordingly to account for this downtime.
First, download the latest firmware installation image from Sophos Licensing Portal https://www.sophos.com/mysophos
If the firmware version you are looking is unavailable via Sophos Licensing Portal and you prefer to stay on that version, please contact Sophos Technical Support to request for this image. It may take at least two business days for this.
Note: Sophos Support recommends to use latest firmware version. More info: Sophos XG Firewall Release Notes & News
The steps below, assume the following:
To check if an XG firewall in HA is the initial HA primary Node:
nvram get "#li.serial"
nvram get "#li.master"
Step 9 and 10 is to get Node 2 prepared for HA, and they is not necessary, if you can properly re-configure/remove IP address of all interfaces on Node 2.
Assume the following
Here is steps to rebuilld HA for RMA of primary node
Please run Advanced Shell command service -S | grep msync
2021-02-17 major update
2020-02-07 first edition