cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrading SA 2500 HA Pair

Highlighted
Not applicable

Upgrading SA 2500 HA Pair

I am helping someone upgrade their SA 2500 SSL VPN which is in a HA configuration. What is the recommended order of upgrading the pair? I assume the primary first, and then secondary? What is the best practice? Thanks in advance.

4 REPLIES 4
Highlighted
Regular Contributor

Re: Upgrading SA 2500 HA Pair

check the clustersettings and look which one is the active member (if using active/passive cluster). upgrade the one thats inactive and waiting for completion. it takes a while and then instructs the master to upgrade automatically while taking over the VIP.

actually its not important which one is done first (if you planned a downtime), cause it will instruct the other member automatically anyway.

Highlighted
Valued Contributor

Re: Upgrading SA 2500 HA Pair

If it is an active / passive cluster then you simply login to the VIP address and issue the ugprade command. The cluster will handle availability and it will be transparent to the user base.

Active / Active is where you will need to control the upgrade process.

Highlighted
Frequent Contributor

Re: Upgrading SA 2500 HA Pair

For an active / active cluster an upgrade on node1 will initiate successive upgrades on other nodes after completion.

If there is a load balancer which is accepting all incoming connections, the users should not see any difference as sessions are synchronized across nodes in an active / active cluster.

It is important to ensure that the nodes have adequate licenses to handle the additional user load coming from the node that is currently upgrading.

Highlighted
Respected Contributor

Re: Upgrading SA 2500 HA Pair

As others have said; the order doesn't matter.

You will want a downtime, in the event something unexpected happens, but once you start the upgrade on any node, it will complete and then push to the other node (and so-on until all nodes are upgraded).