Sophos XG SF-OS Firmware Upgrade with Active/Passive HA - HA Broken after Firmware Update

2 x Sophos XG105 with 17.5.0 GA Firmwares in HA Active/Passive Mode

Initialized firmware upgrade during a scheduled maintenance window to 17.5.8.MR-8.

Firmware upgraded one of the appliances successfully; however, the secondary is inaccessible now and failed to update its firmware.

My HA was connected via Port 3(DMZ) for HA using:

Unit 1 (Successfully Upgraded to 17.5.8 MR-8)

Port1(LAN): 192.168.35.1/24

Port3(HA/DMZ): 10.1.1.1 255.255.255.252

Unit 2 (Did not process firmware as far as I can tell; HA was disabled as a result of the attempted firmware upgrade, I did not initiate an HA disable)

Port1(LAN): 192.168.35.1/24

Port3(HA/DMZ): 10.1.1.2 255.255.255.252

 

The Management IP I selected on initial HA setup months ago was: 192.168.35.2, but it does not respond.
The Monitored Interfaces were Port1 and Port2(WAN)

Any suggestions how to access the second unit without driving almost 100 miles to this location?

Thank you,

bf3



  • system ha show details

    Result: HA is disabled

    Advanced Shell commands don't show anything either (ran the same commands on both units)

    As mentioned before, the firmware upgrade procedure disabled the HA during the firmware upgrade. The secondary unit also disabled HA and unbound all interfaces but Port3/DMZ used for HA.

    The only way I can connect to UNIT2 is via PuTTY into UNIT1, then ssh admin@101.1.2 (UNIT2)

    Thanks for your help.

  • Did you try to simply reboot the second appliance one time?

    Seems like the other appliance is in some sort of strange condition, therefore the HA broke. But actually it's good, you still have access to the other appliance.

    Would suggest to reboot the other appliance one time, check which firmware applies. 

    But if the command as suggested does not work, maybe the other appliance has some trouble with the firmware update. 

    If you travel to the other site, take a stick with you, prepared to reimage. https://community.sophos.com/kb/en-us/126906

    The fastest way to get back up and running would be to simply reimage the second node and include it back in HA.