Hello
a follow up.
the new firewall has arrived to replace the faulty primary of the HA pair.
The existing secondary firewall has firmware 9.706-9
The new firewall has firmware version 9705.
What is the best and safest approach and how would I upgrade the new firewall to match the existing firewalls version.
Thanks all.
Haigh Darren and welcome to the UTM Community!
Here're the instructions I give to my clients:
1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
a. Disable and then enable Hot-Standby
b. Select eth3 as the Sync NIC
c. Configure it as Node_1
d. Enter an encryption key (I've never found a need to remember it)
e. Select 'Enable automatic configuration of new devices'
f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
4. Cable eth3 to eth3 on the new device.
5. Cable all of the other NICs exactly as they are on the original UTM.
6. Power up the new device and wait for the good news. 
Cheers - Bob
