Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 2018 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Replacing defective SG125 unit in HA active-passive cluster

Milenko Zorić

Dear,

a few months ago, we established a HA active-passive cluster with 2 SG 125 appliance units.
The system worked fine until a few weeks ago when it started reporting errors.

Sophos has sent us new SG 125 device according RMA procedures within the warranty period.
Our system has up-to date firmware 9.7005, but this new one we got from Sophos 9.605.

We've been trying to put the new unit into the as slave in active-passive mode cluster for a few days now, but we're failing:
1. We deleted the high availabiliti on UTM
2. Turn off the slave unit and connect new unit.
3. We recreated high availability and added a new unit as a Slave.
4. Up2Date and Syncing status stood on the new unit for a few minutes, but in the end it failed

We tried independently to upgrade the firmware to the same version 9.7005 on the new unit as the Master unit, but it fails.

What are the steps we need to take to successfully replace the new SG125?



This thread was automatically locked due to age.
  • 0

    Hi Milenko

    "at the end it failed" or "but it Fails" is not really the log Information to get help from the community ;-)

    But even if there are many possible reasons in the different steps that might cause the HA-Sync to fail -> in General it is really stright forward.

    If you already tried different steps, I would recommend you to focus on upgrading the RMA-Device to the same FW-Version:

    If it fails with an USB-Stick (I would assume that it already deleted the Partitions of the internal Disk Drive), try it with an external USB-CD-ROM/ DVD-Drive and burn the ISO-File on the CD/ DVD first. That method is very solid and works like a charm (even if it feels a little antiquated). Just follow best practice on https://community.sophos.com/kb/en-us/115879

    If this fails - contact your Sophos Supplier because the RMA-UTM might be defective.

    After you upgraded the RMA-UTM: 

    Power down the RMA-UTM - don't Change anything in configuration, neither logon.

    Configure the still running Master-UTM to "automatic" HA-Mode (like it was with the original delivery status).

    Connect the RMA-UTM with the HA-Ports "only" and power on the RMA-UTM.

    Sync should happen and after 15-20min it should provide the Status "unlinked". Now you can start cabling it again to the final Status.

    Have a look at the log files - but give it time to sync -> the SG125 is not a rocket ;-)

    Please give Feedback within the community

    Cheers, Janbo

    ---

    janbo.noerskau@comedia.de UTM lover ;-)

  • 0 in reply to Janbo Noerskau

    Hi Janbo,

    I solved the problem!

    My mistake was that I downloaded the latest firmware via ftp to try to upgrade directly from 9.605 to 9.700 in offline mode. Now I have connected the SG 125 on the Internet and it has automatically determined which firmware patches to apply (9.510005, 9.605001 and 9.700005).

    After that I plugged the new SG 125 into the cluster (HA port only). The new unit registered in SYNCING status and then in status UNLINKED. I then included other ports on the new unit and the unit became READY.

    Thanks for your help!

Unfiltered HTML