High Availability (HA) is a clustering technology which is used to maintain uninterrupted service in the event of power, hardware or software failure. Sophos Firewall devices can be configured in Active-Active or Active-Passive HA modes. The Devices (The Primary and Auxiliary Device) are physically connected over a dedicated HA link port.
In Active-Active mode, both the Primary Device and Auxiliary Device process traffic while the primary unit is in charge of balancing the traffic. The load balancing is decided by the Primary Device. The Auxiliary Device can only take over if the primary unit experiences a power/hardware/software failure.
In Active-Passive mode, only the Primary Device processes traffic while the Auxiliary Device remains in stand-by mode, ready to take over if the Primary Device experiences a power/hardware/software failure.
Applies to the following Sophos products and versions Sophos Firewall
system diagnostics show version-info
Note: In ideal condition, it would take around 5 to 6 min to start DDNS service in the Auxiliary device in the event of failure.
Dedicated HA Link Ports connected directly over either a crossover or straight through cable
Dedicated HA Link Ports connected indirectly over a switch
To check the status of HA, go to the Control Center and locate the HA Details. It displays the configured HA mode.
HA status can also be verified from the CLI console by following the steps below:
system ha show details
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.