This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple Updates needed in HA Setup SG450

Quick follow-up to a previous question - my HA setup is now licenced for another 12 months, so all good there.

But the Master SG450 shows that 4 Updates are needed. Currently its running 9.711 and has the 9.712, 9.7.713, 9.714 and 9.715 updates downloaded and ready to install. I am VERY WARY of the 9.712 update as that's the one that broke a lot of things back when it came out - including some HA setups. I dont want to break the environment this early on in the relationship ;)

Usually, I'd schedule each update for alte at night and let it install, reboot and then have the next one scheduled for either an hour later or the next night but that 9.712 update is making me nervous. Do you reckon it would be better to simply remote in late at night and just click the 'Update to Latest Version' button instead and apply ALL of the updates in one go then reboot and hopefully it all comes back up without breaking my HA setup?

Stupid HA, making me second guess myself ;)

Any tips or advice is appreciated ;)



This thread was automatically locked due to age.
  • Hello  ,

    Thank you for reaching out to the community, Updates in High Availability and Cluster Mode:

    In a high availability system there is an active and a passive node. When a new update is available, the passive node installs the most recent update and takes over the role of the active node. After that, the new passive node also starts the update process.

    In a cluster you have several nodes: Master, Slave and Worker. If an update is available, the slave node and half of the worker nodes install the recent update. When the installation is finished, the slave node gets the role of the master. Then the other nodes start the update process. Therefore you have no service disruption. If one or more nodes are in SYNCING state, you cannot update Sophos UTM.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Your system may have downloaded 9.712-12 and that version remains on the slave device, even if your master says next up2date is 9.712-13.

    You can switch HA to manual, SSH into master and Slave and remove all files (or only the problem-version 9.712-12) from update folders of master and slave.

    rm -rf /var/up2date/sys-install/*
    rm /var/up2date/sys/*

    After setting HA to auto again, only the correct up2dates should be loaded.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks Dirkotte - quick folowup:

    'Switching HA to manual' - I take it you mean jumping into the HA Configuration screen and selecting Manual rather than Hot Standby (active-passive), then apply. Then SSHing into the Master and doing those steps. Then SSHing into the Slave and repeating those steps. Then setting the Operation Mode back to Hot Standby.


  • sorry .... Switching up2date to manual


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.