Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 6902 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG230 new master node comes with newer firmware version

Slick Fifty

We have a pair of XG230 running in HA active-passive mode. Both device had same firmware version of 15.01.0 MR- .

The master node went down and now the slave is running as standalone.

We have purchased a new XG230 but it comes with firmware version of 17.0.6 MR-6.

Anyone can advance on how I should re insert the new XG230 back into the HA cluster?



This thread was automatically locked due to age.
  • 0

    Hi,

    wow.. you still use V15?

    In this Case, would recommend build a new config with V17, because there are a lot of changes since V15. Sometimes the config migration does not work and so on.

    Cheers

  • 0 in reply to LuCar Toni

    Hi Manbearpig,

    I am thinking maybe I have 2 options:

    1. Downgrade the new XG 230 to firmware version 15 first. Then, the on the slave, remove the failed master node. Set the slave to preferred master. At last, configure automatic configuration on the new XG 230 in HA mode operation,  and connect it to the new preferred master (old slave) to allow auto sync.

    2. Backup the config on the old slave (now running standalone as master). Then restore the config on the new XG 230. Disabled HA mode on old slave. Configure HA mode in new XG 230 and set it as master. Then from master node, use up2date to download and install new firmware on slave (old slave and also remains as new slave)

    Do you have any recommendations?

    Thanks.

  • 0 in reply to Slick Fifty

    Hi,

    would recommend to do step 2, as V15 is already End of Life. https://community.sophos.com/kb/en-us/121502#XG%20Firewall%20Software

    But! I am not quite sure, everything migrates correctly. Saw couple of issues in the last 3 years in case of migration from V15 to V1X..

    So be careful, maybe you need to do a new configuration from scratch.

    Cheers

  • 0 in reply to LuCar Toni

    Thanks Manbearpig!

    How difficult is it to downgrade the firmware to v15? Maybe it's the easier the approach.

  • 0 in reply to Slick Fifty

    Hi,

    In fact, i think this is not possible at all.

    Because you need a old revision of the appliance and need to get the old ISO of V15.

    The End of Life indicates, that you wont get any support from sophos.

    So highly recommend you to do the upgrade.

    There are other security aspects to be on the newest firmware as well.

    Cheers