This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade HA Active/Passive array to latest version.

Good morning all,

I hope you're all well.

I'm looking for some advice on the most expeditious and least disruptive method to upgrade an HA array to the latest firmware version. It's a UTM SG330 setup in HA active/passive mode and the firmware version is 9.702-1.

The customer is highly risk averse and supports several hundreds of remote users via remote access vpn. It is essential that disruption is kept to a minimum. Multiple or lengthy outages need to be avoided if possible.

Does anyone know the most direct path from the current firmware to the latest version?
Would it be quicker to reimage/rebuild the array at the latest version and import the latest backup? Is it possible to import a backup from the current version to the latest version?

Thanks in advance,

Neil.



This thread was automatically locked due to age.
Parents
  • Hello ,

    Thank you for reaching out to the community. 

    When you upgrade an HA device, the process is as follows:

    1. The primary device (device A) upgrades the secondary device (device B).
    2. Device B runs the new firmware and takes control of the network. It's now the primary device and device A is the secondary.
    3. Device A then upgrades and runs the new firmware. It's still the secondary device, but if you have configured the other device as a preferred primary, then the cluster will failover.


    Now you are currently on 9.702-1., there are a couple (approx. 23 new updates) of firmware in between and the process mentioned above will continue to follow until you reach to the latest firmware i.e.  9.711-5

    A direct path can not be followed. So, in that case re-imaging will be much more quicker and a one time process. 

    Yes the backup can be restored from an older firmware to the newer/equivalent  firmware but can not be done vice-versa.




    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello ,

    Thank you for reaching out to the community. 

    When you upgrade an HA device, the process is as follows:

    1. The primary device (device A) upgrades the secondary device (device B).
    2. Device B runs the new firmware and takes control of the network. It's now the primary device and device A is the secondary.
    3. Device A then upgrades and runs the new firmware. It's still the secondary device, but if you have configured the other device as a preferred primary, then the cluster will failover.


    Now you are currently on 9.702-1., there are a couple (approx. 23 new updates) of firmware in between and the process mentioned above will continue to follow until you reach to the latest firmware i.e.  9.711-5

    A direct path can not be followed. So, in that case re-imaging will be much more quicker and a one time process. 

    Yes the backup can be restored from an older firmware to the newer/equivalent  firmware but can not be done vice-versa.




    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children
No Data