This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Replacement of a failed HA node

Good Morning,

one of our nodes in a HA cluster failed. The cluster is/was running on firmware 9.706-9.

Found this KB Article regarding the replacement: https://support.sophos.com/support/s/article/KB-000035374?language=en_US


This describes what I need to do:

5. Restoring HA after receiving an RMA'd device.
 

  1. From the primary node, remove the failed node by selecting remove node.
  2. Ensure that the primary node’s configuration has the appliance selected as the preferred primary.
  3. On the auxiliary node to be added Eth3 should be already configured for Automatic Configuration. If not then you may want to do a factory reset and then follow the steps below:
    • Access the appliance, configure the HA operation mode for Automatic Configuration.
  4. Connect the appropriate cables to match the primary configuration along with the interface to act as the HA link.

Syncing should now begin with the connected appliances.


Isn't it necesarry to put the same firmware on the replaced firewall first?
Besides doing a backup is there anything not described that needs to be taken care of? For example regarding licensing ...
As far as I can see there will be no switch during the process. Is that right (would probably kick out a lot of remote users which I want to prevent; failover test will be done during a time when there is much less traffic).

Regards,
BeEf



This thread was automatically locked due to age.
Parents
  • Hi,

    licence is included within backup.

    I install the same Firmware and make a factory-reset at the new device before rebuilding the cluster.

    I connect initially eth3 only. ETH3 is preconfigured for HA (at most devices)

    There should be no switch-over.


    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • Hi,

    licence is included within backup.

    I install the same Firmware and make a factory-reset at the new device before rebuilding the cluster.

    I connect initially eth3 only. ETH3 is preconfigured for HA (at most devices)

    There should be no switch-over.


    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children