Replacing faulty SG210 in HA setup

Hi,

I have a set of SG210 running UTM 9.510-5 firmware with active subscription.

Recently 1 of the SG210 had problem and we RMA the unit, a replacement unit was sent to us, but with a higher firmware version (9.705). I checked the Sophos UTM download page and seems UTM 9.510-5 is no longer available for download any more.

May I know what is the correct procedure to join the replacement unit back to the HA cluster?

1. Backup config file from existing working SG210
2. Go to MyUTM, license for the old faulty unit and change the serial number to the new unit
3. Go to High Availability setting in the existing working SG210 and change the operation mode to Off
4. Upgrade existing SG210 to same firmware as the replacement unit (downtime expected)
5. Connect the HA ports for both units
6. Configure HA setting at existing unit
7. Connect the WAN and LAN port of replacement unit

Is the above steps correct?

Thanks.

Patrick.

Parents
  • Hi Patrick.

    You won't have to change the serial in myutm because your license is normally included in the backup.

    First of all I would advise you to check if the replacement unit has the same hardware revision like the one in production. Currently we are getting sometimes RMA devices for HA clusters where the hardware revision does not match. Therefore check this here (Sophos Firewall, UTM, AP, RED: Find the revision number)

    There would be another option to bring your cluster back to production, but with the risk, that you have to upgrade the running one first:

    1. Delete the faulty device from your HA cluster
    2. Upgrade your running device to the same version like the RMA replacement unit
    3. Connect the replacement unit and your cluster should be back again

    Another option would be:

    1. Ask support to provide the needed firmware. They did provide me one in the past.
    2. But I would recommend to update afterwards.

    Regards,

    Thomas


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
Reply
  • Hi Patrick.

    You won't have to change the serial in myutm because your license is normally included in the backup.

    First of all I would advise you to check if the replacement unit has the same hardware revision like the one in production. Currently we are getting sometimes RMA devices for HA clusters where the hardware revision does not match. Therefore check this here (Sophos Firewall, UTM, AP, RED: Find the revision number)

    There would be another option to bring your cluster back to production, but with the risk, that you have to upgrade the running one first:

    1. Delete the faulty device from your HA cluster
    2. Upgrade your running device to the same version like the RMA replacement unit
    3. Connect the replacement unit and your cluster should be back again

    Another option would be:

    1. Ask support to provide the needed firmware. They did provide me one in the past.
    2. But I would recommend to update afterwards.

    Regards,

    Thomas


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
Children
  • Another option would be:

    1. import the backup to the new/replacement device // check configuration within new device 

    2. power up and change cables from old running to new device

    3. upgrade old device and rebuild cluster


    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.