
SG330 to SG450 migration - what about Logfiles?

Hello Community,

we have two SG330 Nodes with UTM version 9.705.

I want to migrate the configuration from the SG330 nodes to two new Sophos SG450 nodes to replace the SG330 cluster. 

My steps:

1. Create backup on the SG330 cluster, shutdown and remove from rack 

2. Put in SG450 nodes to rack 

3. Do an initial configuration on one of the SG450 nodes and after that restore the configuration backup of the SG330 cluster

4. Check interface cabling on SG450 node

5. Transfer important logfiles (Firewall / Webproxy) via WinSCP (from SG330 to SG450)

--> What about Email Quarantine messages? 

6. Check functionality (network connections, protection modules...)

7. Connect second SG450 node to configured SG450 node (HA interface) and let them sync

8. On "UNLINKED State", connect all other network interfaces to the second SG450 node

9. Check functionality

Now I have some questions:

--> Would you copy the logfiles before restoring the configuration backup? Or after restoring the configuration backup?

--> Would you copy the logfiles to both SG450 nodes? 

I think in the migration state it takes too much time to copy the files. 

--> Should I copy some email-specific settings / logfiles or not? (Email Quarantine?) / SMTP Log? 

What do you mean?

Best regards

Bepo



  • Hello

    For smaller devices we just copied the log files to the new machine. If there is enough storage left on the source, we create tgz and scp them over to the new machine. They will be recognized and you could use the UI.

    The reports and network usage are those things we never migrated because they are part of the database afaik.


    Sophos Gold Partner
    4TISO GmbH, Germany
  • Hello ThomW,

    thank you for your answer.

    Do you copy all logfiles or only the important ones? --> Webfiltering, WLAN, Email, Firewall?

    We don't need the saved reports and network usage data. 

  • Normally I just copy all. You may give it a try with the test license to view the results.


  • Ok, I will test this and report the results.

  • Hallo Bepo,

    I think you and ThomW covered this well. Please do come back and share your results and any modifications to your original plan so that we can move this thread to Recommended Reads.

    I just copy everything in /var/log to the new Master only.  That includes the PostgreSQL databases with reporting.

    I connect all cables before powering up the Slave node and letting the Master sync to the Slave.

    Agreed with ThomW that the email queues seem to be in the backup, but I'm not sure about that so you will want to keep a 330 around just in case an email needs to be released from its quarantine.

    Just as a reference, here're the instructions I give to my clients for replacing a dead node.

       1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
       2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
       3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
           a. Disable and then enable Hot-Standby
           b. Select eth3 as the Sync NIC
           c. Configure it as Node_1
           d. Enter an encryption key (I've never found a need to remember it)
           e. Select 'Enable automatic configuration of new devices'
           f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
       4. Cable eth3 to eth3 on the new device.
       5. Cable all of the other NICs exactly as they are on the original UTM.
       6. Power up the new device and wait for the good news.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob, 
    today I migrated our SG330 cluster to SG450 with all logfiles without any problems.

    I will post a full instruction that could be tagged to "Recommended Reads".

    Best regards Benedict Poppe

  • Super, Benedict - looking forward to it!

    Cheers - Bob

  • Hello Bob,

    these are the steps of the migration:

    ------ Migration Pre-Steps 1 ------

    1. Update the SG450 nodes to the newest UTM software version
    2. Update the SG330 nodes to the newest UTM software version
    3. Run a factory reset on both SG450 nodes

    ------------------------------------------

    --------- Migration Steps ---------

    1. Pause notifications of monitoring systems + SMS gateway
    2. Manually check the health status of the SG330 cluster (logfile checks). If the system status is healthy: create a full configuration backup of the SG330 cluster
    3. Connect via WinSCP to the SG330 cluster IP and export the needed logfiles (folders) from /var/log
    4. Check the mapping of the network interface objects to the physical network interfaces in "Definitions & Users"
    5. Shut down the SG330 cluster via HA
       - First: SLAVE node
       - Second: MASTER node
    6. Remove SG330 Cluster Node #1 from the server rack
    7. Disconnect the cables from SG330 Cluster Node #2
    8. Set up the rack rails and install SG450 Node #1 in the server rack
    9. Start SG450 Node #1
    10. Connect to SG450 Node #1 via https://192.168.0.1:4444 (ETH0)
    11. Run the Initial Configuration Wizard + restore the full backup of the SG330 cluster
    12. Connect to SG450 Node #1 via https://10.46.0.34:4444
        - Attention! Subnet mask: 255.255.255.224!
        - Attention! Network interface ETH4!
    13. Import the Trial/EVAL license
    14. Log in with the local admin account

    ------------------------------------------

    --------- Functionality Checks ---------

    1. Was the license accepted and are all protection modules available?
    2. Check if the HA configuration is reset
    3. Check the mapping of the network interface objects to the physical network interfaces in "Definitions & Users"
    4. Connect the interfaces: ETH4 (INET uplink) + ETH5 (WAN uplink) + ETH2 (DMZ)
    5. Check core routing
    6. Check core router logfiles + backbone routers. Wait 10-15 minutes
    7. Check internet connectivity + NTP + DNS
    8. Check authentication services (Active Directory)
    9. Check Web Protection
       - Proxy reachable?
       - Single sign-on working?
       - Content filter working?
       - Logfile working? (including AD detection)
    10. Check Email Protection
        - Emails from internal to external + from external to internal OK?
        - Connection to the email servers OK? (high-availability group)
    11. Check web servers (WAF)
        - DMZ servers
        - CITRIX
        - Email sync
    12. Check site-to-site VPNs (IPsec)
        - Are the IPsec sites reachable?
        - Is access via the hotline system possible?
    13. Check SSL VPNs (end-to-site)
        - Can you dial in?
        - Does the user portal work?
    14. Check Wireless Protection
        - Are the access points reachable?
        - Are the WLANs being broadcast?
        - Can you log in to the WLAN?
    15. Create a full backup on SG450 Node #1
    16. Import all exported logfiles --> copy the exported log folders to /var/log and check in "Logging & Reporting" whether the logfiles are shown under "Archived logfiles"

    ------------------------------------------

    --------- Connect SG450 Node #2 and build an active-passive cluster (HA) ---------

    1. Configure HA on SG450 Node #1:
       a. Operation mode: active-passive
       b. Sync NIC: eth3
       c. Device name: node1
       d. Set the encryption key
       e. Check "Enable automatic configuration of new devices"
       f. Set "preferred master" to: node 1
    2. Remove SG330 Node #2 from the server rack
    3. Install SG450 Node #2 in the server rack
    4. Start SG450 Node #2 (without cables!)
    5. Connect to SG450 Node #2 via https://192.168.0.1:4444 (ETH0)
    6. Run the Initial Configuration Wizard and log in
    7. Configure the following in the HA menu of SG450 Node #2:
       a. Operation mode: "Automatic configuration"
       b. Sync NIC: "eth3"
    8. Connect the HA cable between SG450 Node #1 and SG450 Node #2 (ETH3)
    9. Wait until the HA sync is ready and SG450 Node #2 shows the state "UNLINKED"
    10. Connect all cables to SG450 Node #2
    11. Check all functions
    12. The HA status should be: SG450 Node #1 is MASTER and SG450 Node #2 is SLAVE
    13. Trigger a manual HA failover (HA overview) --> shut down SG450 Node #1 and check whether SG450 Node #2 takes over. After the reboot of SG450 Node #1 this node should be the MASTER node again.

    ------------------------------------------
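As an added example (not from any poster in this thread) covering ThomW's tgz-and-scp approach above and step 16 of the final checklist: a POSIX shell script that packs selected /var/log folders from the old node into an archive with a sha256 manifest, so the copy can be verified on the SG450 before it is unpacked into /var/log. The folder names (packetfilter, http, smtp), the login user and the destination host are assumptions or placeholders, and the reporting folder is left out because the thread notes that reporting lives in the PostgreSQL database.

```shell
#!/bin/sh
# Added example, not from any poster: pack chosen log folders from the old
# node's /var/log into a tar.gz plus a sha256 manifest, so the copy can be
# verified on the new node before it is unpacked into /var/log. Folder names
# and the destination host below are assumptions/placeholders.

# pack_logs LOGROOT ARCHIVE FOLDER... : archive FOLDERs relative to LOGROOT
# and write ARCHIVE.sha256 next to it. Returns non-zero if tar fails.
pack_logs() {
  logroot=$1; archive=$2; shift 2
  # paths inside the archive stay relative (e.g. packetfilter/...), so they
  # unpack straight into /var/log on the new node
  tar -C "$logroot" -czf "$archive" "$@" || return 1
  # manifest uses the basename only, so it verifies from any directory
  ( cd "$(dirname "$archive")" && sha256sum "$(basename "$archive")" ) > "$archive.sha256"
}

# verify_logs ARCHIVE : fail unless the manifest matches, then print the
# top-level folders the archive would create (what "Archived logfiles" should list)
verify_logs() {
  archive=$1
  ( cd "$(dirname "$archive")" && sha256sum -c --status "$(basename "$archive").sha256" ) || return 1
  tar -tzf "$archive" | cut -d/ -f1 | sort -u
}

# demo : run both steps on a constructed log tree standing in for /var/log
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/log/packetfilter" "$work/log/http" "$work/log/smtp" "$work/log/reporting"
  echo "constructed firewall line" > "$work/log/packetfilter/sample.log"
  echo "constructed proxy line"    > "$work/log/http/sample.log"
  echo "constructed smtp line"     > "$work/log/smtp/sample.log"
  # reporting data lives in PostgreSQL (see thread), so that folder is left out
  pack_logs "$work/log" "$work/utm-logs.tgz" packetfilter http smtp || return 1
  verify_logs "$work/utm-logs.tgz"
  # Transfer and restore, shown but not executed here (placeholders):
  #   scp "$work/utm-logs.tgz" "$work/utm-logs.tgz.sha256" loginuser@NEW_NODE_IP:/tmp/
  #   on the new node: cd /tmp && sha256sum -c utm-logs.tgz.sha256 \
  #     && tar -C /var/log -xzpf utm-logs.tgz
}
```

Running `demo` prints the three folder names that should afterwards appear under "Archived logfiles"; a tampered or truncated archive fails `verify_logs` before anything is written to /var/log.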