Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 1299 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrading to v18 causes HA Pair to stop working.

Edward Higgins

I have recently attempted to update XG230's and XG330's to v18.  All my companies firewalls are in an HA cluster.  The update breaks the cluster causing one of the units to be unreachable and unavailable for the HA Pairing.  

Do I need to unpair the HA cluster and perform the updates separately?  I have had it fail 3 times on separate pairs.  Not a good track record.



This thread was automatically locked due to age.
Parents
  • 0

    Coming from V17.5, both appliances will reboot simultaneously. 

    Coming from V18.0, it should move one by another. 

    See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/haStartupGuide/concepts/HAFirmwareUpgrade.html

    How long was the uptime of those clusters? 

    I always recommend to perform a takeover (Reboot both appliances) to check, if both appliances actually come back up after a reboot process. 

  • 0 in reply to LuCar Toni

    Hello, I saw the problem today. I prepaired two fresh units for customer. I configured cluster with very basic configuration. No rules. Two productional interfaces (LAN and WAN) only. I started upgrade from 17.5.12 (units vere delivered iwith this version) to  18.0.4 and it failed.

    Strange result. Primary unit was not upgraded. Secondary unit was upgraded and there was the only interface – HA link after upgrade.

    I was able to connect to secondary unit (via HA and CLI) and fill there command for reboot with older image (rebootfw f 1) but it did not work (no reboot realised).

    I had to reboot unit to default (it worked) and after configuration reboot it with older image via GUI.

    I did upgrade to 17.5.15 – it was OK.

    After that I did upgrade to 18.0.4 (form 17.5.15) and it worked well as well.

    My conclusion – do upgrade from the most fresh version in train.

Reply
  • 0 in reply to LuCar Toni

    Hello, I saw the problem today. I prepaired two fresh units for customer. I configured cluster with very basic configuration. No rules. Two productional interfaces (LAN and WAN) only. I started upgrade from 17.5.12 (units vere delivered iwith this version) to  18.0.4 and it failed.

    Strange result. Primary unit was not upgraded. Secondary unit was upgraded and there was the only interface – HA link after upgrade.

    I was able to connect to secondary unit (via HA and CLI) and fill there command for reboot with older image (rebootfw f 1) but it did not work (no reboot realised).

    I had to reboot unit to default (it worked) and after configuration reboot it with older image via GUI.

    I did upgrade to 17.5.15 – it was OK.

    After that I did upgrade to 18.0.4 (form 17.5.15) and it worked well as well.

    My conclusion – do upgrade from the most fresh version in train.

Children
No Data