RMA SG330 Cluster Active/Passive

Make sure you have enabled 'Enable automatic configuration of new devices' in settings of the remaining UTM.

Also make sure the remaining UTM is fully up-and-running.

If i'm not mistaken, the RMA-unit must have the same firmware version as the remaining unit, so check upfront and if needed reimage or update the RMA-unit to the same version as the remaining unit. After that, switch off the RMA unit.

Then connect the RMA unit up where it's especially important that the Sync NIC is connected. After connecting all the cables to the RMA unit, power it up and it should automatically start syncing.

Hello, 

Thank you for your answer.

Should we do a thing about the registration of the new RMA unit before connecting it to the master node ?

I know that when we do a RMA for XG firewalls, we have to register the RMA on the "My Sophos" portal and it automatically replaces the failed unit in the account. Should we do a thing similar for SG ?

Thanks.

That I do not know, sorry.

Salut Viken,

There is no such registration for UTM hardware.  Here's the list I give to my customers that are in a similar situation:

1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
   a. Disable and then enable Hot-Standby
   b. Select eth3 as the Sync NIC
   c. Configure it as Node_1
   d. Enter an encryption key (I've never found a need to remember it)
   e. Select 'Enable automatic configuration of new devices'
   f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
4. Cable eth3 to eth3 on the new device.
5. Cable all of the other NICs exactly as they are on the original UTM.
6. Power up the new device and wait for the good news. [;)]

Cheers - Bob
(Parisien, mais ça fait longtemps !)

PS I have a friend in Brazil that's a professional translator, and she told me that one only translates into their native language.  If you translate that into French for your customer, please give me a copy - merci d’avance !

Hello Bob!

Thanks for your answer, and glad to see that you spent some time in Paris earlier in your life ! :) 

Here is the translate in french if needed:

1. Si besoin, faire une rapide installation temporaire sur le nouvel appareil, pour qu'il télécharge les mises à jour Up2Dates.
2. Installer le même niveau de mises à jour Up2Dates que l'appareil déjà en place, puis une réinitialisation d'usine et l'éteindre.
3. Sur l'appareil toujours en place et fonctionnel, dans la partie "Configuration" et "High Availability" (ou Haute Disponibilité en français):
  a. Désactiver et réactiver Hot-Standby
  b. Sélectionner eth3 comme Sync NIC
  c. Configurer l'appareil actuel en tant que Node_1
  d. Entrer une clé d'encryption. (nul besoin de s'en souvenir)
  e. Sélectionner "Enable automatic configuration of new devices" (Activer la configuration automatique pour les nouveaux appareils en français).
  f. Préférer l’utilisation comme tel: "Preferred Master: aucun" et "Backup Interface: Internal"
4. Relier eth3 des deux appareils l'un avec l'autre.
5. Brancher tous les ports réseaux du nouvel appareil à l'identique de celui qui est remplacé.
6. Allumer le nouvel appareil et attendre que la configuration se fasse automatiquement. :)

Super, Viken !

Bien amicalement - Bob

Super, Viken !

Bien amicalement - Bob