This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA cluster update failed - One node is in DEAD status

Hi,

After I've tried to update the UTM HA Cluster from 9.702-1 to 9.703-3 one node is in DEAD Status. (both models are SG230)

I've already re-image it with version 9.607-2 and now I have one node with 9.702-1 and another node with 9.607-2 and I'm trying to re-create the HA cluster.

I know one of the requests to create an HA cluster is to have the same version. But the version 9.702-1 is not available for download.

What is the best practice in this case? Can I manually download the u2d file 9.702-1 and manually update the second node from 9.607-2 to 9.702-1? And re-create the cluster after that

Why is no way to update the second node to the same version as the primary node during the HA creating procedure? Ore maybe is it?

Thank you



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thanks for reaching out, and welcome to the Community! 

    Check out the following KBA to update the firmware from 9.607-2 to 9.702-1. You would have to download each firmware package from 9.607-2 to 9.702-1 and install each of them one by one.

    Once both firewalls are on the same firmware version, you could re-configure HA. 

    Thanks,

  • Thank you, Patel! But there is no package for 9.702-1

    https://download.astaro.com/UTM/v9/up2date/

    u2d-sys-9.607002-705003.tgz.gpg 2020-Sep-17 16:52:31 282.0M application/octet-stream
    u2d-sys-9.607002-705003.tgz.gpg.md5 2020-Sep-17 16:52:31 0.1K application/octet-stream
    u2d-sys-9.700004-700005.tgz.gpg 2019-Oct-09 09:54:19 2.0M application/octet-stream
    u2d-sys-9.700004-700005.tgz.gpg.md5 2019-Oct-09 09:54:19 0.1K application/octet-stream
    u2d-sys-9.700005-701006.tgz.gpg 2020-Jan-23 08:12:34 199.6M application/octet-stream
    u2d-sys-9.700005-701006.tgz.gpg.md5 2020-Jan-23 08:12:34 0.1K application/octet-stream
    u2d-sys-9.701006-702001.tgz.gpg 2020-Mar-02 11:40:45 20.6M application/octet-stream
    u2d-sys-9.701006-702001.tgz.gpg.md5 2020-Mar-02 11:40:45 0.1K application/octet-stream
    u2d-sys-9.702001-703003.tgz.gpg 2020-Apr-23 14:56:23 241.0M application/octet-stream
    u2d-sys-9.702001-703003.tgz.gpg.md5 2020-Apr-23 14:56:30 0.1K application/octet-stream

    What should I try in this case?

  • FormerMember
    +1 FormerMember in reply to Adrian Poeana

    Hi ,

    Check the reference screenshot: 

    Thanks,

Reply Children
  • That is for updating from  9.702001 to 9.703003. Or am I wrong? 

  • FormerMember
    0 FormerMember in reply to Adrian Poeana

    Hi ,

    Yes, the firmware package above the previous screenshot is the one you're looking for. 

    Reference screenshot:

    Thanks,

  • So, 

    The correct one is u2d-sys-9.701006-702001.tgz.gpg ? 

    And can I update from 9.607-2 to 9.7020-1 by using this a2d file, right?

  • FormerMember
    0 FormerMember in reply to Adrian Poeana

    Hi ,

    You'd have to download all the firmware packages between 9.607-2 to 9.7020-1. 

    Yes, that is the correct firmware package.

    Thanks,

  • Salut Adrian,

    Like Harsh says, you need to apply all of the Up2Dates in order.

    Here are the instructions I supply to customers when they replace one of their nodes:

    1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
    2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
    3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
       a. Disable and then enable Hot-Standby
       b. Select eth3 as the Sync NIC
       c. Configure it as Node_1
       d. Enter an encryption key (I've never found a need to remember it)
       e. Select 'Enable automatic configuration of new devices'
        f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
    4. Cable eth3 to eth3 on the new device.
    5. Cable all of the other NICs exactly as they are on the original UTM.
    6. Power up the new device and wait for the good news. Wink

    Problem is, I don't see that there is any other Up2Date left for 9.607 other than the one to 9.705, which is the version I recommend to my clients.  I would allow the running machine to Up2Date to 9.705 and apply the 9.607-9.705 Up2Date to the unit with 9.607.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    I had to update the primary node to the latest version 9.705. Re-image secondary node with the same version and rebuilt HA.

    Up and running both on HA cluster