This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hardware replacement of cluster SG230v1 to SG230v2

Hello,

I have to replace a cluster of 2 Sophos SG230v1 UTM in production with a brand new cluster of Sophos SG230v2 I have juste received.

I am preparing the replaecment process but I cannot find a thread that talk about this subject on the forum. Is there any process somewhere ?

 

Here what i am thinking of doing:

- 1 upgrade the firmware of the SG230v2 to the same version as SG230v1 in production

- load the configuration of the SG230v1 to the SG230v2 cluster

- Load the new licence key in the Sophos SG230v2

When the 2 new Sophos SG230v2 are ready, unplug the old appliance of the network and plug the 2 new ones

Is this a correct process ?



This thread was automatically locked due to age.
Parents
  • Salut Nicolas and welcome to the UTM Community!

    You should not need a new license.  The one in the backup of your v1 device should work just fine in the v2 devices.

    I would not proceed as you suggest in your first post above as you will lose all of your logs and reporting.  Instead, take advantage of High Availability to get an easier, automatic replacement.  I haven't tried this, but I believe it should work

    1. Apply the Up2Dates in the new v2 units so that they are on the same version as your v1 units, factory reset them and then power them down.
    2. In the Master of the v1 units, in 'Management >> High Availability', shut down the Slave.
    3. Disconnect the v1 Slave, replace it with one of the v2 units, cable it identically and power it up.
    4. Give the units a half hour for the Master to configure the new Slave and duplicate logs and reporting.
    5. When the new Slave is READY, in 'Management >> High Availability', shut down the v1 Master and the v2 Slave will become Master.
    6. Disconnect the remaining v1 SG, replace it with other v2 unit, cable it identically and power it up.
    7. Give the units a half hour for the v2 Master to configure the new v2 Slave and duplicate logs and reporting.
    8. When the new Slave is READY, in 'Management >> High Availability', you're DONE!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Salut Nicolas and welcome to the UTM Community!

    You should not need a new license.  The one in the backup of your v1 device should work just fine in the v2 devices.

    I would not proceed as you suggest in your first post above as you will lose all of your logs and reporting.  Instead, take advantage of High Availability to get an easier, automatic replacement.  I haven't tried this, but I believe it should work

    1. Apply the Up2Dates in the new v2 units so that they are on the same version as your v1 units, factory reset them and then power them down.
    2. In the Master of the v1 units, in 'Management >> High Availability', shut down the Slave.
    3. Disconnect the v1 Slave, replace it with one of the v2 units, cable it identically and power it up.
    4. Give the units a half hour for the Master to configure the new Slave and duplicate logs and reporting.
    5. When the new Slave is READY, in 'Management >> High Availability', shut down the v1 Master and the v2 Slave will become Master.
    6. Disconnect the remaining v1 SG, replace it with other v2 unit, cable it identically and power it up.
    7. Give the units a half hour for the v2 Master to configure the new v2 Slave and duplicate logs and reporting.
    8. When the new Slave is READY, in 'Management >> High Availability', you're DONE!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hello BAlfson,

    I have tried successfully the process you have described  !

    SG230 revision1 and 2 are compatible and can be in the same HA config. Synchronization worked well.

    1 Additionnal info for others: at step 2, when you shutdown the slave, you have also to remove it completely from the cluster. Otherwise, when the v2 unit will be discovered by the old v1 master, it will be not integrated into the cluster as there is no more "nodeid" available.

     

    Thank you for your help.

    Nico