This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Replacement of a failed HA node

Good Morning,

one of our nodes in a HA cluster failed. The cluster is/was running on firmware 9.706-9.

Found this KB Article regarding the replacement: https://support.sophos.com/support/s/article/KB-000035374?language=en_US


This describes what I need to do:

5. Restoring HA after receiving an RMA'd device.
 

  1. From the primary node, remove the failed node by selecting remove node.
  2. Ensure that the primary node’s configuration has the appliance selected as the preferred primary.
  3. On the auxiliary node to be added Eth3 should be already configured for Automatic Configuration. If not then you may want to do a factory reset and then follow the steps below:
    • Access the appliance, configure the HA operation mode for Automatic Configuration.
  4. Connect the appropriate cables to match the primary configuration along with the interface to act as the HA link.

Syncing should now begin with the connected appliances.


Isn't it necesarry to put the same firmware on the replaced firewall first?
Besides doing a backup is there anything not described that needs to be taken care of? For example regarding licensing ...
As far as I can see there will be no switch during the process. Is that right (would probably kick out a lot of remote users which I want to prevent; failover test will be done during a time when there is much less traffic).

Regards,
BeEf



This thread was automatically locked due to age.
Parents
  • Hello,

    having the same firmware on the second appliace that you want to sync is a very good practise.

    You should have a recent backup of your configuration OUTSIDE primary the firewall system just in case ... So download that to a local drive or a usb stick.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello,

    having the same firmware on the second appliace that you want to sync is a very good practise.

    You should have a recent backup of your configuration OUTSIDE primary the firewall system just in case ... So download that to a local drive or a usb stick.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data