Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 6 subscribers
  • Views 2204 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Replacing faulty SG210 in HA setup

PatrickLaw

Hi,

I have a set of SG210 running UTM 9.510-5 firmware with active subscription.

Recently 1 of the SG210 had problem and we RMA the unit, a replacement unit was sent to us, but with a higher firmware version (9.705). I checked the Sophos UTM download page and seems UTM 9.510-5 is no longer available for download any more.

May I know what is the correct procedure to join the replacement unit back to the HA cluster?

1. Backup config file from existing working SG210
2. Go to MyUTM, license for the old faulty unit and change the serial number to the new unit
3. Go to High Availability setting in the existing working SG210 and change the operation mode to Off
4. Upgrade existing SG210 to same firmware as the replacement unit (downtime expected)
5. Connect the HA ports for both units
6. Configure HA setting at existing unit
7. Connect the WAN and LAN port of replacement unit

Is the above steps correct?

Thanks.

Patrick.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Patrick.

    You won't have to change the serial in myutm because your license is normally included in the backup.

    First of all I would advise you to check if the replacement unit has the same hardware revision like the one in production. Currently we are getting sometimes RMA devices for HA clusters where the hardware revision does not match. Therefore check this here (Sophos Firewall, UTM, AP, RED: Find the revision number)

    There would be another option to bring your cluster back to production, but with the risk, that you have to upgrade the running one first:

    1. Delete the faulty device from your HA cluster
    2. Upgrade your running device to the same version like the RMA replacement unit
    3. Connect the replacement unit and your cluster should be back again

    Another option would be:

    1. Ask support to provide the needed firmware. They did provide me one in the past.
    2. But I would recommend to update afterwards.

    Regards,

    Thomas

Reply
  • 0

    Hi Patrick.

    You won't have to change the serial in myutm because your license is normally included in the backup.

    First of all I would advise you to check if the replacement unit has the same hardware revision like the one in production. Currently we are getting sometimes RMA devices for HA clusters where the hardware revision does not match. Therefore check this here (Sophos Firewall, UTM, AP, RED: Find the revision number)

    There would be another option to bring your cluster back to production, but with the risk, that you have to upgrade the running one first:

    1. Delete the faulty device from your HA cluster
    2. Upgrade your running device to the same version like the RMA replacement unit
    3. Connect the replacement unit and your cluster should be back again

    Another option would be:

    1. Ask support to provide the needed firmware. They did provide me one in the past.
    2. But I would recommend to update afterwards.

    Regards,

    Thomas

Children