This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM525 to SG550 Upgrade

 We currently have 2 UTM525 security appliances configured in a Master/slave relationship and have purchased 2 SG550 security appliances to replace our UTM525's. Does anyone know what steps need to be taken to upgrade to the SG550 without any network downtime?

I believe we need to bring up one of the SG550's as a slave and get it configured and switch over to the master and set up the second SG550 as a slave after, but can find any steps to do this or any documentation on how to make the switch. 



This thread was automatically locked due to age.
Parents
  • Hi Ibrahim,

    HA is not supported between different Hardware Revisions.

    you'll need to create a Backup on your old cluster, import it into the new one and then plug cables.

    if you are well prepared you'll have 10 Mins Downtime.

     

    one other way would be to do a parallel deployment and migrate service by service with small downtimes for each service.

    the benefit would be

    1th: that you would not have one hard cut

    2nd: you'll need to reconfigure manualy what will point you to some obsolete configuration fragments

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • Lukas, I've developed a quicker way to do this resulting in downtime of under a minute:

    1. Leaving the old devices with Ethernet connections, continue as follows...
    2. Login to WebAdmin on the old device and confirm on the 'Hardware' tab that the Virtual MAC are set and will be in the backup.
    3. Power up only one of the new devices.  I assume that both are on an equal-or-higher version than the old units and have been Factory Reset.
    4. After you've restored the configuration to the new device, confirm that the Virtual MACs for each NIC is identical to the corresponding one on the old devices.  This allows you to avoid having to reboot your routers and switches.
    5. Power the old Slave down.
    6. Power the old Master down.
    7. Move the WAN connection(s) from the old Master to the new device.
    8. Move the LAN connection(s) from the old Master to the new device.  Users should now have Internet
    9. Move the other Ethernet connections from the old Master to the new device.  All function should be restored.
    10. Move all Ethernet Cables from the old Slave to the new device that is still powered down.
    11. Power up the new Slave and you will have a fully functioning Hot-Standby after the sync is complete.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Do you still have to do this process for a SG to SG upgrade or can you plug in a new hot standby and let it sync?  The original poster was referring to a UTM to SG upgrade.

     

    We have a HA Active/Passive pair of SG310s that we are replacing with a pair of SG330s.  It would be nice to power down the passive unit and plug in the new unit and fail over to it.

Reply
  • Do you still have to do this process for a SG to SG upgrade or can you plug in a new hot standby and let it sync?  The original poster was referring to a UTM to SG upgrade.

     

    We have a HA Active/Passive pair of SG310s that we are replacing with a pair of SG330s.  It would be nice to power down the passive unit and plug in the new unit and fail over to it.

Children