Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 9392 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update in hot standby

AreshAreshi

Hi,

I have a question regarding the updates.

We have 2 SG310 in Active/Passive mode. when an update is relaese we just install it on the Active UTM and then automatically is installed on the slave node.

in the current config I can see that option "Keep node(s) reserved during the update" is not selected.

could someone tell me if we should enable this option or not? and if we select this option how we must update the slave node?

Thanks



This thread was automatically locked due to age.
  • 0

    I always use this option, because it is very usefull.

    I do it like this:
    * restart slave
    * wait for "fully functional" mail
    * restart master (master changes to slave)
    * wait for "fully functional" mail
    * restart is not necessary but may prevent from problems during up2date
    * upgrade to latest version now (slave is updated and changes back to master)
    * test functionality
    * wait at least one work day

    case: good
    * management > High Availability > Slave > upgrade node
    * wait for "fully functional" mail

    case: fail
    * if loosing quarantined mail is not critical
    * switch off master with new version
    * slave with old version changes back to master
    * downlad the ISO from current version
    * disconnect the device with the new (problem) version from network
    * reimage the device to the old (working) version
    * reconnect the reimaged device
    * wait for "fully functional" mail

  • 0 in reply to offn
    Hi Offn,

    Thanks for your detailed info, really appreciate it. I thought if we use this option and then something goes wrong we dont need to re image the de device, but it looks like that we have to re image it after all.

    If I understood you correctly after enableing the option to install the updates,

    1. as you said the restart is bot neccery.
    2. install the update and this will update the slave.
    3. slave will reboot and become the master.
    4. Master node become the slave.
    5. leave this for a week or so.
    6. management > High Availability > Slave > upgrade node.
    7. updated node reboot and stay slave.

    is these steps correct?

    Thanks
  • 0 in reply to AreshAreshi
    The steps are correct.

    I always restart before upgrading, because some people, that didn't restart their devices befor upgrading, reported troubles at restart after upgrade...
  • 0 in reply to offn

    Thanks for the reply again,

    you mean before installing the update just go ahed and restart the Master right?

    Thanks

  • 0 in reply to AreshAreshi

    like I described in my first post...

Unfiltered HTML