Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 7877 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos sg-230 UTM 9 HA(Active-Passive) Licensing and Setup

Panos X13

Hello,

I would like to create an HA Active-Passive between 2 Sophos Sg-230.

Right now I have only one sophos SG-230 with network Protection Licence, Also its firmware is 9.600-5

I bought a second SG-230 and I want to configure it as a Slave on the HA

I follow the above instructions of the above link

https://techbast.com/2015/04/configuring-high-availability-ha-on-sophos-utm.html

And I have configured only the Master node.

So right now I have to configure the Slave node and I'm confused.

What I should select in the HA menu of the second node? I have the options auto-configuration and active-passive ha ?

I'm afraid if I connect the second node it will be become as a master and my old sophos lose its configuration.

Also the new sophos I haven't install any licence I thought the licence of the Master Node will be transferred when the HA will finish syncing.

Also the new sophos has an older firmware 9.311 I tried to update it with Up2Date but nothing is happening, in the dashboard it finds that updates should be installed but when I click on it in the Up2Date page it shows that sophos is up to date.

So I was wondering if I select in the high availability in menu Hot-Standby(active-passive)

and I fill the Device Name with a name, the Node id  with 2, the encryption key with the key that I gave in node1 and I check enable automatic configuration of new devices and finally connect them with a cross cable, 

I will be fine? The node 2 will be the slave of the HA and then it will sync configuration licence and firmware from the master?

or I have to do something else?



This thread was automatically locked due to age.
Parents
  • +1

    Hi Panox X13,

    if you have configured the master node correctly you do not need to configure the second appliance.

    You just have to connect the devices by the HA port (default eth3). The rest goes automaticlly when you power on the second appliance.

    You have configured the second device so you have to make an factory reset to make sure there are no errors.

    But before making an factory reset bring the second device on the same firmware version as the master node.

    If the normal up2date process does not work just reimage the appliance via cd/usb with the sophos image(Faster then loading the updates to the appliance and factory reset included) or check the up2date logs to look up why no updates are loaded.

    Best Regards
    DKKDG

  • 0 in reply to DKKDG

    Thank you very much.

    Where I can find instructions how to reimage the sophos?

    Also if I proceed without firmware update it will be a problem? When the sync of the HA is completed It will not transfer and the latest firmware that the Master has to the new sophos?

    Also does the sync procedure of HA have downtime? so I have to try this in no working hours or I will be fine if I do this during wokring hours?

    Thx

Reply
  • 0 in reply to DKKDG

    Thank you very much.

    Where I can find instructions how to reimage the sophos?

    Also if I proceed without firmware update it will be a problem? When the sync of the HA is completed It will not transfer and the latest firmware that the Master has to the new sophos?

    Also does the sync procedure of HA have downtime? so I have to try this in no working hours or I will be fine if I do this during wokring hours?

    Thx

Children
No Data
Unfiltered HTML