Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 4687 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 in AWS - How to convert from hourly (PAYG) to licensed (BYOL)

Rob75206

Hi,

 

We've been using the hourly (PAYG -Pay As You Go) version of UTM 9 in AWS and are planning to change to the licensed (BYOL - Bring Your Own License) version.

 

In order to test this, I made a backup of the config in our PAYG firewall, then launched a new BYOL firewall and restored the config to it. But after doing the restore, it became unresponsive and I cannot connect to the management interface anymore.

 

The single interface on the firewall was set to use DHCP, so it is not an IP addressing issue.

 

I am assuming that the problem is related to the fact that the PAYG AWS instance and the BYOL AWS instance are different AMIs (Amazon Machine Images), and that this is somehow causing a problem?

 

Can anyone provide guidance on how to convert from PAYG to BYOL in a way that you can retain your configuration? We have over a dozen of these firewalls, and rebuilding them all from scratch would be a nightmare.

 

Thanks in advance for your help!



This thread was automatically locked due to age.
  • 0

    Hi, Rob, and welcome to the UTM Community!

    This is a question your Sophos reseller can get answered for you.  In any case you will need a reseller to purchase a license.

    Cheers - Bob

  • 0

    Hi Rob,

    Sorry for this late reply but you should be able to do exactly what you describe which is to export/import your UTM configuration from a UTM PAYG AMI type, to a UTM BYOL AMI type. The only thing I can think of is perhaps the UTM import resulted in a high load on the EC2 Instance which then caused connection problems. What size EC2 instance were you using? If it's a small one then this could be the problem. If it wasn't then I'd confirm the security group settings on the device and then try to stop/start to see if it comes back. If nothing else works feel free to reach out to our team (iaas@sophos.com)for some assistance.

    Bill

  • 0 in reply to BillProut

    Hi Bill, thanks for your reply. I actually was already helped by another member of the Sophos team on this issue, but forgot to update this posting. So here is the fix for anyone else who is having this issue:

    Create a backup of the configuration of the PAYG firewall, but make sure you check the following two options before clicking "create backup now":

    • Unique site data (license, passwords, certificates/keys, endpoints)
    • Administrative mail addresses

    When you select these options, you can successfully restore the config to the BYOL firewall image with no problems.

    Thanks,

    Rob