
Sophos XG loses Vlans in Migration from v17.5 to v18.

Dear all, I would like to share a bad experience I had in a migration from v17 to v18. I need to expose it because it was a small environment where it could be circumvented, but there are other giant environments that need to be migrated and I cannot experience this problem again.

I went to migrate a very simple environment that works in the following way:

1 Sophos XG with two Vlans - Vlan 10 (Computers) and Vlan 15 (Servers)

Before performing the version upgrade everything was working perfectly; there was a firewall rule that allowed Vlan 10 computers to communicate with some services on Vlan 15 servers.

After applying the upgrade to v18 and restarting the Sophos XG, the Vlans simply stopped communicating with each other, and the computers on Vlan 10 that previously received an IP address via DHCP no longer received one.

Computers on Vlan 10 could no longer communicate with servers on Vlan 15, even though all firewall rules were intact as before. It was then that I detected that it was as if the XG Firewall did not recognize these Vlans, as if the tables that store this information in the database were deleted after the migration. I deleted the firewall rules and recreated the same ones, and also the DHCP scopes, and nothing; it was as if the Vlans were no longer in the XG.

It was then that I decided to delete the Vlans from the XG Firewall and recreate them. Then everything started to work and the XG Firewall recognized the Vlans.

I found this behavior to be absurd, something extremely risky for a migration.

For this client, which was relatively small with 2 Vlans and few devices, this was something that could be overcome. However, I have gigantic environments with more than 25 Vlans and hundreds of firewall rules per Vlan, in addition to hundreds of devices behind each Vlan. This made me totally unsure about proceeding with a v18 migration, because if this were to happen again it would cause a total stop of the network, and the downtime window is very short and it is impossible to recreate all the Vlans and all the firewall rules again.

I need to understand why this happened to me and what I should do so that a possible migration to v18 does not cause any loss of Vlans. Please ask Sophos to be involved in this case. We are partners of Sophos and we have dozens of clients to migrate who work with Vlans on the XG Firewall, and we cannot go through this again.



This thread was automatically locked due to age.