Sophos UTM (formerly Astaro ASG) went to version 9 a few months ago. With it came loads of features, but I want to focus on the “reserve node” feature in a High Availability configuration.

Sophos releases new features and bugfixes on a regular basis, so I recommend you review what’s in the new versions under the Up2date section.
The “keep node(s) reserved during up2date” feature appeared in version 9. It upgrades ONLY the master node, so you can switch back in case of an emergency. You can find the feature under Management > HA > configuration:


After updating the system from v9.003 to v9.004 this will give me:


If I shut down the master, I will be running v9.003 again:


Some considerations though:

  • Even though a failover/switchover will be very quick, this will interrupt your connections for a brief moment.
  • Rebooting Node2 will switch the master momentarily to Node1 during the reboot, but it will switch back to Node2 after Node2 comes back online. So if you want to run the older version, be sure to shut down the node with the newest version.

Update: I saw that this post didn’t say whether the master or the slave will be updated first. Here’s the answer:
