New Thread to cover changes / feedback / experiences.
"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences
Release Notes: https://community.sophos.com/xg-firewall/b/blog/posts/xg-firewall-v18-mr4-is-now-available
For XG Appliances, running in Active-Passive, we can accelerate more performance with the new fastpath technology. You should see more performance throughput on XGs running in Active-Passive.
The HA Setup…
Updated From MR3 to MR4 Active/Active HA Software Appliance . System Is working Fine. Now Shown In Central as HA . Good work.
- HA cert sync finally looks fixed hooray, thus you need to deregister both appliances first.
- Messages on the dashboard: This tombstone still remains, even not synced between devices in HA, when you failover you have different messages. Why can we now clear theese once and for all??
Best regards Martin ;-)
Sophos UTM Certified Engineer v9.7Sophos XG Certified Architect v18.0Homelab: 2 x SG210 XG v18 (HA A/P) - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)
What's behind theese (in more detail)?
The HA Setup process is improved, hence it will show more information, if the setup process missed something and failed. Instead of showing "Failed", it shows more information, what caused the failed setup process. Also the upgrade shows more alert in case of failure.
Thanks for the quick reply :-)
I have just tried to update my Active-passive setup and it denied it what ever I did.
I then de-activated the HA Pair, and defaulted the original setup.
I have now been waiting for the HA setup to continue which is taking soo long.
I will then refresh the page, and go to system and it just sits there refreshing the page.
it was all working fine from 17.5 up to 18 mr3, but now nada, any ideas, I will have a look at the logs when I can
XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!
What do you mean by "it denied it"? How did you build up the HA?
the deny it that I could not update the HA pair while it was active, and would not update the firmware.
Did you upload & boot the new firmware and did you doublecheck the correct firmware used? Also did you verify in the logs, if the was a alert about this deny? Because i upgraded by now, multiple HAs and never had this issue.
Do you have a screenshot of this?
Haven't checked the logs yetbut this is what I am left with
now going to system services, it just sit there, waiting for it to refresh the page .... it's been there for over 20mins even though there is not passive unit attached, and it was doing this as well for well over an hour when it was attached.
I did a reboot (on both units) before I started, and then tried to just upload the new firmware and that is where I was not allowed to upload the firmware.
this is when I de-activated the HA Pair, and updated the firmware ...tried to re-create the pair, and that is the last full action.
I am now trying to find a way to de-activate HA from CLI