This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hardware replacement of cluster SG230v1 to SG230v2

Hello,

I have to replace a cluster of 2 Sophos SG230v1 UTM in production with a brand new cluster of Sophos SG230v2 I have juste received.

I am preparing the replaecment process but I cannot find a thread that talk about this subject on the forum. Is there any process somewhere ?

 

Here what i am thinking of doing:

- 1 upgrade the firmware of the SG230v2 to the same version as SG230v1 in production

- load the configuration of the SG230v1 to the SG230v2 cluster

- Load the new licence key in the Sophos SG230v2

When the 2 new Sophos SG230v2 are ready, unplug the old appliance of the network and plug the 2 new ones

Is this a correct process ?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    1. Ensure the firmware version on the new SG is matching the firmware on the old SG devices; if not, update the new devices. Firmware back will only work if the firmware on the new SG is the equal or higher firmware version.

    2. Access one of the new SG and apply the license file. If you have an Active/Passive cluster, you will need a license for only the Active/Master unit. 

    3. Ensure that the master node’s configuration has the appliance selected as the preferred master.

    4. On the auxiliary node to be added Eth3 should be already configured for Automatic Configuration; if not, configure the HA operation mode for Automatic Configuration.

    5. Replace the old SG with the new SG.

    6. Connect the appropriate cables to match the master configuration along with the interface to act as the HA link.

    7. Syncing should now begin with the connected appliances.

    Thanks,

  • Hello,

    Thank you for your answer. I have understood Step 1, 2 an 3 (firmware, license and prefered master) but I am not sure to understand step 4 to 7:

    You need to shut down the old SG auxiliary, plug the new SG auxiliary to the old SG master node and then there is a sync of config.

    When sync is finished, you shutdown the old SG master and then plug the new SG master which will synchronize its config with the new SG auxiliary.

    Did I understood the process ?

    Nicolas

Reply
  • Hello,

    Thank you for your answer. I have understood Step 1, 2 an 3 (firmware, license and prefered master) but I am not sure to understand step 4 to 7:

    You need to shut down the old SG auxiliary, plug the new SG auxiliary to the old SG master node and then there is a sync of config.

    When sync is finished, you shutdown the old SG master and then plug the new SG master which will synchronize its config with the new SG auxiliary.

    Did I understood the process ?

    Nicolas

Children
  • FormerMember
    0 FormerMember in reply to Nicolas Muller

    Hi  

    No, you should not be able to connect your new SG to the old SG master as both have different revision numbers; for configuration backup, you have to upload it manually to the new SG device. 

    Step 4: Eth3, by default, is configured for HA Automatic Configuration, so you do not have to configure these settings manually. If you encounter any issue with auto-sync when you connect Eth3 with the primary node, then you have to ensure that Automatic Configuration is set on the secondary unit.

    Step 5: At this point, you should be ready to unplug your both old SG devices and replicate hardware setup on to the new SG devices.

    Step 6: Ensure all the cables that were connected to the old SG are note replicated on the new primary and secondary SG.

    Step 7: Syncing should now begin with the connected appliances.

    Thanks,