USG Flex 500H HA mode firmware upgrade with MFA

Mk88_it Posts: 67  Ally Member

Hello,

We have two 500H in HA mode and we would like to upgrade the firmware. We are trying to follow these instructions from the manual:

Firmware Upgrade on Paired Zyxel Devices

1. First, upgrade the firmware to the passive device.

2. After upgrade, the passive device becomes the active device and handles all traffic during the firmware upgrade.

3. Firmware is then upgraded to the passive primary device.

4. After the firmware upgrade is complete on both Zyxel Devices, the primary device becomes the active device again.

We have activated MFA for admin user.

From the LAN of the primary device we can reach the secondary passive device using the HA management IP, but when the device requests the MFA code, this message is displayed:

image.png

So, the question is: How can we upgrade the firmware of the passive device?

Thank you

Accepted Solution

  • Zyxel_James Posts: 759  Zyxel Employee
    Answer ✓

    The steps you mention are the procedure when paired HA firewalls upgrade the firmware; you don't need to upgrade the passive firewall yourself.
    You only need to upgrade the active firewall; the paired HA firewalls will then automatically perform the steps you mentioned, so eventually the passive firewall will be upgraded. You don't need to manually upgrade the firmware for the passive firewall.

All Replies

  • Dylan96 Posts: 31  Freshman Member

    @Zyxel_James What happens when updating the active firewall? Does the passive automatically come in?

  • Zyxel_James Posts: 759  Zyxel Employee

    Yes, you only need to upgrade the active firewall, then both firewalls will automatically follow the steps in the article. Eventually, both firewalls will be upgraded.

  • Mk88_it Posts: 67  Ally Member
    edited May 15

    Hello @Zyxel_James, I can confirm what you wrote. I tried a manual firmware upgrade with 132ABZH0ITS-0423-250300903.bin through the primary device and things went as written in the manual.

    Thank you