Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 1299 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrading to v18 causes HA Pair to stop working.

Edward Higgins

I have recently attempted to update XG230's and XG330's to v18.  All my companies firewalls are in an HA cluster.  The update breaks the cluster causing one of the units to be unreachable and unavailable for the HA Pairing.  

Do I need to unpair the HA cluster and perform the updates separately?  I have had it fail 3 times on separate pairs.  Not a good track record.



This thread was automatically locked due to age.
  • 0

    hello, fortunateley I have not met it yet (made upgrade at two clusters); which version do you upgrade from to which version ?

  • 0 in reply to Petr Odvarka1

    Sometimes from 17.9, sometimes from 18.01.  It's happened both ways.

  • 0

    Coming from V17.5, both appliances will reboot simultaneously. 

    Coming from V18.0, it should move one by another. 

    See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/haStartupGuide/concepts/HAFirmwareUpgrade.html

    How long was the uptime of those clusters? 

    I always recommend to perform a takeover (Reboot both appliances) to check, if both appliances actually come back up after a reboot process. 

  • 0 in reply to Edward Higgins

    I just finished another cluster from 18.3 to 18.4 - without problems. But I make effort to have latest versions at each time (with two weeks delay with checking experience; there vere some versions skipped in past); it means I have small difference between versions)

  • 0

    I had the same problem. I have 2 XG310 in HA and it broke HD cluster when doing the update. I was running V17.5 MR14 on both XG310. It prompt me saying both firewalls will reboot simultaneously but decided to only update auxiliary device to V18 causing both devices to have identical IP setup and act both as primary. Caused bit of network drama until I took the auxiliary device offline. Since then I have taken HA off and plan is to update V17 one to V18 and re-create the cluster again. 

  • 0 in reply to LuCar Toni

    Hello, I saw the problem today. I prepaired two fresh units for customer. I configured cluster with very basic configuration. No rules. Two productional interfaces (LAN and WAN) only. I started upgrade from 17.5.12 (units vere delivered iwith this version) to  18.0.4 and it failed.

    Strange result. Primary unit was not upgraded. Secondary unit was upgraded and there was the only interface – HA link after upgrade.

    I was able to connect to secondary unit (via HA and CLI) and fill there command for reboot with older image (rebootfw f 1) but it did not work (no reboot realised).

    I had to reboot unit to default (it worked) and after configuration reboot it with older image via GUI.

    I did upgrade to 17.5.15 – it was OK.

    After that I did upgrade to 18.0.4 (form 17.5.15) and it worked well as well.

    My conclusion – do upgrade from the most fresh version in train.