
HA, slave failed

Hi,

We have a pair of SG650 currently on 9.506-2 and have attempted to update the code by updating the slave 1st. Unfortunately this failed and has left the slave in an unusable state: initially it never passed the syncing stage, even after being left for a few days, and after a power cycle it now doesn't respond to connection attempts.

I don't have much experience with Sophos UTM, but wanted to check that the following is a reasonable process to bring the HA back up:

Power down slave & disconnect all interfaces.

Power up & factory reset.

Configure as a HA slave device

Connect configured HA interface

Wait for sync to complete

Reconnect all other interfaces.

Are there any gotchas to look out for when performing this work? Can I do the initial config via CLI / console rather than the web GUI?

Cheers

Rich



This thread was automatically locked due to age.
  • Hello Richard,

    Thank you for contacting the Sophos Community!

    Yes, the steps should be fine. I would just, if possible, try to re-image and update to the latest firmware, and also upgrade the Master.

    Make sure also the two UTMs are directly connected via the HA link.

    Not possible to do it via the CLI, only via the GUI.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Many thanks EmmoSophos,

    I was hoping to bring it up to a working condition and then attempt the upgrade again on the slave. If I re-imaged the appliance to the latest version will it still sync as a slave to the master?

    Cheers

  • Hello Richard,

    Thank you for the follow-up!

    You would need to have both devices on the same firmware before attempting to do the HA.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Rich and welcome to the UTM Community!

    Simply doing a Factory Reset may not fix whatever problem occurred, so you should be prepared to have to re-image the Slave from ISO and then allow the sync to happen.  In no case should you do any configuring of the Slave after a Factory Reset unless it's to get Up2Dates as in the following.

    With a little luck, your Factory Reset will enable you to start at step 3 after having shut down the Slave.  Here are the instructions I send to my clients:

    1. If needed, do a quick, temporary install so that the Slave can download Up2Dates.
    2. Apply the Up2Dates to the same version as the current Master, do a factory reset and shutdown.
    3. On the current Master, on the 'Configuration' tab of 'High Availability':
        a. Disable and then enable Hot-Standby
        b. Select eth3 as the Sync NIC
        c. Configure it as Node_1
        d. Enter an encryption key (I've never found a need to remember it)
        e. Select 'Enable automatic configuration of new devices'
        f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
    4. Cable eth3 to eth3 on the Slave.
    5. Cable all of the other NICs exactly as they are on the current Master.
    6. Power up the Slave and wait for the good news. ;)

    If you have any doubts before you start, please show us a picture of the current 'Configuration' tab in 'Management >> High Availability'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA