Announcement

Collapse
No announcement yet.

Is there a way to keep a cold standy up to date?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is there a way to keep a cold standy up to date?

    Short story is i am away alot. I need to make sure if something goes south with hdd or hardware i can have the wifey simply swap a few things and be back online. I havent had to do a restore in a number of years so i dont even recall the exact process but that is on my short list to pull one of my otherwise unused fanless and get it prepped and ready for if that day ever comes. What i am curious about though, is there a way to keep what is effectively a cloned cold standby unit up to date with current software? Is the only way to once or twice a year power it on, install the latest iso and install the same version backup before putting it back away?

  • #2
    With all the experimental builds I run on my home network, I have to keep a spare on hand. I only bring the spare out when I need to upgrade it so it's on the same version as the main firewall. I use the backup uploaded daily to Google drive so their configurations are in sync.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

    Comment


    • #3
      Untangle is just another device on the network if you connect External.

      So if you want a cold spare ready, you just install the platform and connect External to the LAN like anything else. It won't route or bridge anything, but it'll be online and subject to automatic updates.

      Then in the event of a failure, you just swap it into position, restore your backup, and move your license.

      If you want to test things, restore without networking.
      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
      NexgenAppliances.com
      Phone: 866-794-8879 x201
      Email: [email protected]

      Comment


      • #4
        Or go crazy and run VRRP hot spare in parallel. https://wiki.untangle.com/index.php/...iguration#VRRP
        Attention: Support and help on the Untangle Forums is provided by
        volunteers and community members like yourself.
        If you need Untangle support please call or email [email protected]

        Comment


        • #5
          That's by far the easiest way to keep things going, then you just do periodic restores without networking to keep the 2nd unit configured.
          Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
          NexgenAppliances.com
          Phone: 866-794-8879 x201
          Email: [email protected]

          Comment


          • #6
            Originally posted by jcoffin View Post
            Or go crazy and run VRRP hot spare in parallel. https://wiki.untangle.com/index.php/...iguration#VRRP
            Would be nice to have a passive license for the 2nd vrrp member, vs a full license. Sophos, Juniper, etc all do this when you run them in an active/passive state.

            Comment


            • #7
              Originally posted by jcoffin View Post
              Or go crazy and run VRRP hot spare in parallel. https://wiki.untangle.com/index.php/...iguration#VRRP
              Check that your ISP will give you more than one public IP though as each Untangle will need one.

              Comment


              • #8
                Originally posted by tjk View Post
                Would be nice to have a passive license for the 2nd vrrp member, vs a full license. Sophos, Juniper, etc all do this when you run them in an active/passive state.
                What Untangle needs is simply a command center designation that allows us to pair a VRRP partner. So that when the primary faults, the secondary automatically gets the license moved.

                But before that really has value, we need working configuration sync... right now VRRP will fault, and the 2nd unit will take over. But until you restore the most recent backup from the primary without networking, you're missing settings. Even if you do restore without networking... you're potentially missing settings.

                And then you can move the license easily enough... but Untangle needs a ton of work getting the configurations straight before any of this automation makes sense.
                Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                NexgenAppliances.com
                Phone: 866-794-8879 x201
                Email: [email protected]

                Comment


                • #9
                  Couldn't agree more on tagging it as a partner and having it move the license, but that will impact revenue.

                  As for config sync, I've been testing the template in CC, and it eventually updates the 2nd unit with the config settings, minus networking. I think they should sync some of the network stuff, like port fwds, filters, etc. Leave the interface stuff alone, but having to enter rules in two places is wonky for sure.

                  Comment


                  • #10
                    I don't think Untangle lacks the ability to automate license location due to revenue constraints. I think it's just that the Command Center isn't ready for it. Untangle got into the cloud management game VERY late.
                    Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                    NexgenAppliances.com
                    Phone: 866-794-8879 x201
                    Email: [email protected]

                    Comment


                    • #11
                      As usual all great info, ill get to playing this weekend and figure out what will work best. Thx all.

                      Comment

                      Working...
                      X