
UTM Failover/Load balancing separate sites

Hi All,

We have a Sophos (virtual) UTM installed in our head office that holds all of our production environment (100Mb); we have multiple remote sites that run RED devices to connect back to it.


Our "main" second site is configured (at the moment) to connect back to head office via the IPMAN network. We are moving away from the IPMAN and getting a dedicated internet connection (50Mb). I'm looking to configure a second UTM in this location. My question is: I would like to be able to use this second UTM as a failover option (in the event the main one fails) to be able to access our production environment, but I don't see how this could be possible without the IPSEC tunnel up. Should I try to create an IPSEC connection direct to our HQ router?

The other thing that would be good to have is load balancing between the 2 sites; again, I'm not sure if this is possible.


Below is an attachment (Basic) of the setup proposed. 


IPSEC Basic.pdf



This thread was automatically locked due to age.
  • Hi, Dan, and welcome to the UTM Community!

    I think you haven't gotten a response because it's not clear what "failover" means in this context.  What functions were you hoping to achieve when what fails?  The REDs connecting to the other UTM?  Clients able to reach web sites hosted internally?  ???

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob! Thanks for your welcome.

    Apologies! I should have been a little clearer. So if our HQ's UTM was to crash (non-ISP fault), I would like clients to be able to access our production environment located in the HQ: file servers, web servers etc.

  • The first thing I would do would be to create a Hot-Standby UTM in a VM in a different physical server.  There's no additional licensing cost.  A failover to the Slave takes a few milliseconds, so only up/downloads and real-time things like VoIP are interrupted.  Here's a sample diagram that should also include separate UPSs for the two physical servers:

    Is the "router" to which you referred in your first post the UTM or a separate device?

    Cheers - Bob 

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA