It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Update High Availability Clusters

  • Last updated on

To prevent downtime when updating your high availability cluster, block the virtual server on the secondary firewall. Then update the firmware on the secondary firewall. After the update, transfer the virtual server to the updated firewall and repeat the process with the primary firewall. Each firewall can only be updated to the next firmware version according to the migration path. If two updates are required, repeat the process below for each update package.

Step 1: Block the Server on the Secondary Firewall

When you block the server, the control service shuts it down and sends a signal that starts the server on the HA partner unit. Keep in mind that when you block a server, the control service cannot perform automatic failovers.

  1. Log into the secondary firewall.
  2. Go to CONTROL > Server.
  3. Click Block Server.
    Update02.png

Step 2: Update the Secondary Firewall

Update the firmware on the secondary firewall. For more information, see How to Install Updates via NextGen Admin or How to Update Managed High Availability Clusters with Automatic Failover.  

Do not interrupt the update. The updated system will reboot and display the new version on the console login prompt.

Step 3: Switch Virtual Servers to the Secondary Firewall

When you stop a server after it has been blocked, you are re-enabling the control service to perform automatic fail overs. When the server on an HA unit goes down or is blocked, the control service automatically starts the server on its HA partner.

  1. Log into the secondary firewall.
  2. Go to CONTROL > Server and click Stop Server.

  3. Log into the primary firewall.

  4. Go to CONTROL > Server page, and click Block Server.
    All the servers are taken over by the secondary firewall.

Leave the primary unit in standby mode until you have verified that the secondary firewall is operating correctly. You can verify this by stopping the primary unit servers.

Step 4: Update the Primary Firewall

Do not interrupt the update. Depending on the update, the firewall reboots after the update.

Step 5: Transfer the Virtual Server Back to the Primary Firewall

Manually trigger a failover to transfer the virtual server from the secondary to the primary firewall.

  1. Log into the primary firewall.
  2. Go to CONTROL > Server.
  3. Click Stop Server.
  4. Log into the secondary firewall.
  5. Go to CONTROL > Server.
  6. Click Block Server.
  7. Wait for the primary firewall to bring up the virtual server and then click Stop Server to place the secondary firewall in standby.