This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

high availability status UNLINKED every time I try to set it up

hi, I'm trying to set up an HA but every time  it starts syncing then end up with an UNLINKED status 

this is the guide I followed, and this is the solution I tried so far still not working

this is the master configuration


and this is the slave configuration



this is how my configuration is setup

 



This thread was automatically locked due to age.
Parents
  • There are some problems ... i think.

    1. The HA interface must be the same at booth firewalls.

    2. The corresponding interfaces at booth Firewall-Nodes must connect to the same Layer2 Network/Subnet (mostly)

    3. The SG-Nodes share the same MAC/IP-address for the non-HA-Interfaces


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • There are some problems ... i think.

    1. The HA interface must be the same at booth firewalls.

    2. The corresponding interfaces at booth Firewall-Nodes must connect to the same Layer2 Network/Subnet (mostly)

    3. The SG-Nodes share the same MAC/IP-address for the non-HA-Interfaces


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children
  • 1. you mean eth0 eth0, eth3 eth3?

    2. not sure what you mean by this?

    3. they can't have the same MAC address, the IP address can be assigned the same one but there will be a conflict especially for the WAN NIC

  • 1. Yes, HA-Sync must be eth3 on both sides (or on another interface ... but the same on both sides).

    2. eth0 on device1 must see eth0 on device2 on layer2. The same applies to the other interfaces

    3. There is one virtual MAC per interface. Take a look at interfaces / hardware. During the failover, the virtual Mac and the IP address are sent to the second device.

    PS ... only one device is active at the same time ... with active/active HA too

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 1 & 2. ok I'll set it that way and test 

    3. ok so I should give them the same MAC address? for example, eth0 and eth0 should have the same MAC address

  • 3. you don't have to configure this by yourself.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • it worked, I made sure to use the same interface plus I changed the cable between the two machines from Straight-Through to crossover
    thanks for the help