This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9

i want to update my two sophos UTM 9 firewalls that are running on version 9.710-1 to version 9.714-4 as well as are both  connected using IPsec connection.

My first question is:  my ssl vpn clients Will be affected after updates finished or they still using the same configuration.

My second question is : can i update only one firewall and  IPsec between two firewalls connection will stills UP.

Thank you



This thread was automatically locked due to age.
Parents
  • So, if you are on 9.710 then have your users been updated to the Sophos Connect client?  As of 9.710, you can't get the old SSL client from the User Portal any longer.  If they haven't been updated to the Sophos Client, it's recommended to update them.  That would be your only real SSL VPN issue. You can still use the old client for now, but you should have a plan to update them.  Current version is 2.2.90 I believe.

    Are your UTMs configured in high availability?  Or are they at just two different offices an your users connect to one or the other?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Amodin, 

    at the moment all my two firewalls still running on version 9.710-1 also ssl vpn users still using the same version, my utm’s are not configured as high availibility, they are only connected from different sites using ip sec, so i have worries if i finished update of two sites to lose ip sec connection and ssl vpn users connection

Reply
  • Hi Amodin, 

    at the moment all my two firewalls still running on version 9.710-1 also ssl vpn users still using the same version, my utm’s are not configured as high availibility, they are only connected from different sites using ip sec, so i have worries if i finished update of two sites to lose ip sec connection and ssl vpn users connection

Children
  • You'll lose IPsec connectivity when they reboot for the updates at that specific UTM connection, that's it.  The updates don't wipe out configurations (but always get backup before, Murphy's law and all).

    You could update one, then the other, but I would recommend updating one, let it reboot/check to verify it's up, then updating the second one, then let it reboot/verify.  Rinse, repeat until updated to 9.714.  Sophos recommended to also install the updates in order, and not just jump from 9.710 directly to 9.714 (in the announcement information I believe).

    This way, after you update the first one, you can verify its up and working, then you can update the second one and confirm.  If you run into an issue, you can pause any progress until an issue is fixed, then move on.

    The updates are pretty seamless and have been flawless for me and several others.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thank you for your support. I have one more question about ssl vpn users after update finished they will use the old configuration file

  • The .ovpn file should not change at all either.  Sophos Connect client uses that same file unless you change something.  Part of the update, reboot and test would be to also see that your VPN profile connects as it did.  I would add that to the recommendation.  If you have a VPN account on both UTMs, check them both after each update, but should not have any affect by the updates.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Ok, thank you for your support