Hi, I'm trying to set up an HA, but every time it starts syncing and then ends up with an UNLINKED status.
This is the guide I followed, and this is the solution I tried so far; still not working.
this is the master configuration
and this is the slave configuration
this is how my configuration is set up
Hi zakaria zaki
Do you have any LAG interfaces created on the UTM? If so, you will need to disable HA link monitoring on that LAG interface from CLI.
In reply to Jaydeep:
thanks for the reply Jaydeep
no I didn't create any LAG interfaces
There are some problems ... I think.
1. The HA interface must be the same at both firewalls.
2. The corresponding interfaces at both Firewall-Nodes must connect to the same Layer2 Network/Subnet (mostly)
3. The SG-Nodes share the same MAC/IP-address for the non-HA-Interfaces
In reply to dirkkotte:
1. you mean eth0 eth0, eth3 eth3?
2. not sure what you mean by this?
3. they can't have the same MAC address, the IP address can be assigned the same one but there will be a conflict especially for the WAN NIC
In reply to zakaria zaki:
1. Yes, HA-Sync must be eth3 on both sides (or on another interface ... but the same on both sides).
2. eth0 on device1 must see eth0 on device2 on layer2. The same applies to the other interfaces.
3. There is one virtual MAC per interface. Take a look at interfaces / hardware. During the failover, the virtual MAC and the IP address are sent to the second device.
PS ... only one device is active at the same time ... with active/active HA too
1 & 2. ok I'll set it that way and test
3. ok so I should give them the same MAC address? for example, eth0 and eth0 should have the same MAC address
3. you don't have to configure this by yourself.
It worked. I made sure to use the same interface, plus I changed the cable between the two machines from straight-through to crossover.
Thanks for the help.