Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 181 replies
  • Answers 1 answer
  • Subscribers 76 subscribers
  • Views 35314 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR2: Feedback and experiences

LuCar Toni

https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_185_rn.html

"Old" V18.5 MR1 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/128960/sophos-firewall-v18-5-mr1-feedback-and-experiences/

"Old" V18.0 MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences

Please review: https://support.sophos.com/support/s/article/KB-000043489?language=en_US



Prio
[gesperrt von: LuCar Toni um 8:07 AM (GMT -7) am 26 Mar 2022]
Parents
  • 0

    Hi all, 

    we need to plan an update from18.0 MR 4 to 18.5 MR2 or later to 19.0  depending if some of the known issues are fixed before. Any how we run a XG in Active/Passive mode. We are not allowed to have bigger impact then a session reconnect for those apps which are not willing to move properly. As i treat this whole update as an "OS change" i expect stuff break  but i try to get a better view what i should expect or e.g. HA will be broken during update as both node will reboot simulatnous - such things. anyone have some input here ? The release notes gave not away much to work with. 

    So the most pressing question is behave that update like a normal one - patching passive first, failover, patch new passive , failback ? Or is it more adviseable to beak HA patch the "passive" , take conf from the active , point any client to the patched node and make it the active one. patch the other node, at best kill the config - and bring it as emtpy box back to cluster ? 

    Tbh it is hard to estimate how to work this update - as in past i encounter lot strange things with the OS release on different boxes.

    regards 

  • 0 in reply to Steffen Seitz

    Hi

    Last week I updated XG310 in HA (Active/Passive) from 18.0 MR5 to 18.5 MR2. Did not break HA, just did an update. First it updates passive device ( it took around 10 minutes), when passive device reboots with new OS it becomes Active device. When it switched from Act/Pass 2 pings are lost and all VPN reconect, and all SSL VPN sessions drop. Then the other device gets upgraded (also 10 minutes). Basically that is it. I had no problems. It probably also depends on how complex your configuration is. For failback I read a KB that you need to break HA and revert and set up HA again with old OS.

    BR

Reply
  • 0 in reply to Steffen Seitz

    Hi

    Last week I updated XG310 in HA (Active/Passive) from 18.0 MR5 to 18.5 MR2. Did not break HA, just did an update. First it updates passive device ( it took around 10 minutes), when passive device reboots with new OS it becomes Active device. When it switched from Act/Pass 2 pings are lost and all VPN reconect, and all SSL VPN sessions drop. Then the other device gets upgraded (also 10 minutes). Basically that is it. I had no problems. It probably also depends on how complex your configuration is. For failback I read a KB that you need to break HA and revert and set up HA again with old OS.

    BR

Children
No Data