I have a set of SG210 running UTM 9.510-5 firmware with active subscription.
Recently 1 of the SG210 had problem and we RMA the unit, a replacement unit was sent to us, but with a higher firmware version (9.705). I checked the Sophos UTM download page and seems UTM 9.510-5 is no longer available for download any more.
May I know what is the correct procedure to join the replacement unit back to the HA cluster?
1. Backup config file from existing working SG2102. Go to MyUTM, license for the old faulty unit and change the serial number to the new unit3. Go to High Availability setting in the existing working SG210 and change the operation mode to Off4. Upgrade existing SG210 to same firmware as the replacement unit (downtime expected)5. Connect the HA ports for both units6. Configure HA setting at existing unit7. Connect the WAN and LAN port of replacement unit
Is the above steps correct?
Was thinking of doing the following steps:
1. Load UTM 9.510-5 to replacement unit (sent email to Sophos support to request for ISO)2. Backup config from working unit and load to replacement …
Thanks guys, I may be going for Dirk's way as it may have a shorter down time?
1. can the config file of the existing version (9.510-5) be loaded to the newer version (9.705 or newer)?2. will the subscription be active once I power up the replacement unit and load the config file? or I just need to download the license file from MyUTM website and upload to the replacement unit?
My revised steps should be?
1. Power up the replacement unit, update to latest firmware version.2. Load the config file to replacement unit, from existing unit3. Load the license file to replacement unit.4. Switch LAN and WAN cable to the replacement unit.5. Disable HA at the existing unit6. Update existing unit firmware to be the same as the replacement unit.7. Reset existing unit to factory default (required?)8. Connect HA cables between the 2 units and configure HA from replacement unit
I've checked and both units are on the same hardware revision, so I guess should be fine.
You have to remember that you will lose a lot of information if you only restore the backup to a new factory reset device:
This is why I try to avoid this kind of replacement and I gave you the advice to get this version from support. That is why I would not go with Dirk's suggested way. My preferred way is to get the cluster up and running again. In your case there are three possibilities to bring up the cluster again without loosing the data:
Regarding those options only one of them will give you a chance to bring the cluster into production without downtime. This is option one.
Option 2 is the way with the least time and effort for you. But there is downtime while installing updates on the running device and a small risk to get in trouble during updates.
Option 3 is the one is the one I never use, because it is option 2 with additional work. I would upgrade the cluster to latest version after being back in production again.
If you agree with losing the data above, the steps would be:
If something got wrong you may put cables back.
Then on the old device: