SG330 to SG450 migration - what about Logfiles?

Question

Hello Community, 
 we have two SG330 Nodes with UTM version 9.705. 
 I want to migrate the configuration from the SG330 nodes to two new Sophos SG450 nodes to replace the SG330 cluster. 
 
 My steps: 
 1. Create backup on the SG330 cluster, shutdown and remove from rack 
 2. Put in SG450 nodes to rack 
 3. Do a initial configuration on one of the SG450 nodes and after that restore the configuration backup of the SG330 cluster 
 4. Check interface cabling on SG450 node 
 5. Transfer important logfiles (Firewall / Webproxy) via WinSCP (from SG330 to SG450) 
 --> What abpout Email Quarantine Messages? 
 6. Check functionality (network connections, protection modules...) 
 7. Connect second SG450 node to configured SG450 node (HA interface) and let them sync 
 8. On "UNLINKED State", connect all other network interfaces to second Sg450 node 
 9. Check functionality 
 
 Now i have some questions : 
 --> Would you copy the logfiles before restoring the configuration backup? Or after restoring the configuration backup? 
 --> Would you copy the logiles to both SG450 nodes? 
 I think in the migreation state it does to much time to copy the files. 
 
 --> Should i copy some email specific settings / logfiles or not? (Email Quarantine?) / SMTP Log? 
 
 What do you mean?

Best regards 
 
 Bepo

Bepo · Accepted Answer

Hello Bob, 
 this are the steps of the migration: 
 
 ------ Migration Pre-Steps 1 ------ 
 1. Update SG450 Nodes to newest UTM software version 
 2. Update SG330 Nodes to newest UTM software version 
 3. Run Factory Reset on both SG450 Nodes 
 ------ ------ ------ ------ ------ ------ ------ 
 --------- Migration Steps ---------

Step

Todo

1.

Pause notifications of monitoring systems + SMS-Gateway

2.

Manually check the health status on: SG330 Cluster (Logfile-Checks) 
 If system status is healthy: 
 Create a Configuration Full-Backup of the SG330 Cluster

3.

Connect via WinSCP to the SG330 cluster IP and export the needed logfiles from /var/log (folders)

4.

Check the network interface objects mapping to the physical network interfaces in "Definitions & Users"

5.

Shutdown the SG330 cluster via HA 
 - First - SLAVE Node 
 - Second - MASTER Node

6.

Remove the SG330 Cluster Node #1 from server rack

7.

Disconnect cables from SG330 Cluster Node #2

8.

Set up Rack rails and install SG450 Node #1 in server rack

9.

Start SG450 Node #1

10.

Connect to: SG450 Node #1 via https://192.168.0.1:4444 ( ETH0 )

11.

Initial Configuration Wizard ausf&uuml;hren + Restore the Fullbackup of the SG330 cluster

12.

Connect to: SG450 Node #1 via: https://10.46.0.34:4444 
 - A ttention Subnetzmaske: 255.255.255.224 ! 
 - Attention! Netzwerkinterface ETH4 !

13.

Import the Trial-EVAL-License

14.

Login with local Admin-Account

------ ------ ------ ------ ------ ------ ------ 
 --------- Functionality Checks ---------

Steps

Todo

1.

Was the license accepted and all protection are modules available?

2.

Check if HA-Configuration is resettet

3.

Check the network interface objects mapping to the physical network interfaces in "Definitions & Users"

4.

Connect the interfaces: ETH4 (INET-Uplink) + ETH5 (WAN-Uplink) + ETH2 (DMZ)

5.

check Core-Routing

6.

check Core-router Logfiles + Backbone Routers &ndash; Wait: 10-15 minutes

7.

Check internet connectivity + NTP + DNS

8.

Check Authentication Services (Active Directory)

9.

Check Web Protection 
 &middot; Proxy erreichbar? 
 &middot; Single-Sign On funktionsf&auml;hig 
 &middot; Content-Filter funktionsf&auml;hig 
 &middot; Logfile funktionsf&auml;hig? (auch AD-Erkennung)

10.

Check Email Protection 
 &middot; Emails von intern nach extern + von extern nach intern ok? 
 &middot; Verbindung zu Emailservern ok? (High-Availability Group)

11.

Check Webservers (WAF) 
 &middot; DMZ-Servers 
 &middot; CITRIX 
 &middot; Email-SYNC

12.

Check Site-to-Site VPNs (IPSec) 
 &middot; Sind die IPSec Sites erreichbar? 
 &middot; Ist ein Zugriff &uuml;ber das Hotline-System m&ouml;glich?

13.

Check SSL-VPNs (End-to-Site) 
 &middot; Kann man sich einw&auml;hlen? 
 &middot; Funktioniert das Userportal?

14.

Check Wireless Protection 
 &middot; Sind die Access Points erreichbar? 
 &middot; Werden die WLANs ausgestrahlt? 
 &middot; Kann man sich ins WLAN einloggen?

15.

Create Fullbackup auf SG450 Node #1

16.

Import all exported logfiles --> Copy the exported log folders to /var/log and check in: "Logging & Reporting" if the logfiles are shown in: "archived logfiles"

------------------------------------------ 
 --------- Connect SG450 Node #2 and build active-passive Cluster (HA)---------

Schritt

Todo

1.

Configure HA on: SG450 Node #1 : 
 1. Operation mode: active-passive 
 2. SYNC NIC: eth3 
 3. Device Name: node1 
 4. Set Encryption Key 
 5. Check: "Enable automatic configuration of new devices" 
 6. Set "preferred master" to: node 1

2.

Remove SG330 Node #2 from server rack

3.

Install SG450 Node #2 in server rack

4.

Start SG450 Node #2 (without cables!)

5.

Connect to SG450 Node #2 via https://192.168.0.1:4444 ( ETH0 )

6.

Run Initial Configuration Wizard and login

7.

Configure the following in the HA-Menu of: SG450 Node #2 
 1. Operation mode: "Automatic configuration" 
 2. SYNC NIC: "eth3"

8.

Connect HA-Cable SG450 Node #1 and SG450 Node #2 (ETH3)

9.

Wait until HA-SYNC is ready and SG450 Node #2 shows the state: &bdquo;UNLINKED&ldquo;:

10.

Connect all cables to SG450 Node #2

11.

check all functions

12.

The HA Status should be: SG450 Node #1 is MASTER and SG450 Node #2 is SLAVE.

13.

Trigger a manual HA-Failover HA-Overview. --> Shutdown the SG450 Node #1 .and check if SG450 Node #2 takeover. 
 
 After reboot of SG450 Node #1 this node should be the MASTER node again.

------------------------------------------

SG330 to SG450 migration - what about Logfiles?

Top Replies