In some scenarios, HA is configured between two locations. The most reported problems are link problems because the Master node cannot find the Standby node. An issue can also occur wherein the HA link is flooded by a large amount of traffic. This is a typical case scenario where the PMTU is overlooked by the UTM due to jumbo frames.
16:05:04.036177 00:1a:8c:65:52:4e > 01:00:5e:00:00:32, ethertype IPv4 (0x0800), length 2010: 198.19.250.1.36339 > 126.96.36.199.3780: UDP, length 1968 16:05:04.036186 00:1a:8c:65:52:4e > 01:00:5e:00:00:32, ethertype IPv4 (0x0800), length 2006: 198.19.250.1.36339 > 188.8.131.52.3780: UDP, length 1964 16:05:04.036194 00:1a:8c:65:52:4e > 01:00:5e:00:00:32, ethertype IPv4 (0x0800), length 2002: 198.19.250.1.36339 > 184.108.40.206.3780: UDP, length 1960
This can occur due to the following:
This article provides information regarding the interface settings for the UTM HA cluster and how to resolve the MTU error for the HA interfaces. The following sections are covered:
Applies to the following Sophos products and versions Sophos UTM Software Appliance
Yes, the UTM cluster heartbeat link requires jumbo frame support, as long as the HA interface is on a 1000 interface. This was designed for performance reasons. In general, it is recommended that jumbo frame support is enabled for the switch. If this is not possible, please set the two switch ports to 100F. This will set an MTU of 1500 on both interfaces and allow the cluster to be successfully activated.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.