LACP from Router to Active/Passive XG650 Pair

All, 

We are trying to figure out how to install two XG650 firewalls on our network. We currently have two Nexus switches that uplink to our router using ports that are using LACP. We want to put the XG650s in between the Nexus switches and router. Our XG650™s will be set up as active passive. 

The problem I see with doing this is how to uplink the XG650™s to the router. Since we are using LACP, I'm sure the members in the LACP pair must go to the same device (firewall) in order for the connection to be made. Is there a way to stack the firewalls or is there another way I can connect the XGs to the router and to the Nexus switches?

Original Setup

 

New Set Up

  • Josha Amune,

    good question. I did not try this configuration yet. You can try to use the Active-Passive LAG mode on XG side and see if it works on the Router side.

    https://community.sophos.com/kb/en-us/123100

    Let us know.

    Thanks

  • Hi Josha,

         I am setting up almost the same setup and would like to know how it went with the Nexus configuration have you use Layer 3 between the Nexus and sophos or L2 in VPC... Because what I am thinking is if you use L2 and VPC with a port channel with trunk to connect the nexus with the Sophos what will happen to load balancing. 

     

    If a user sending traffic via Nexus 1 and the sophos is doing load balancing will the sophos send the return traffic to core-2 for the same traffic. 

     

     

    Thanks

  • Hi,

    New Setup is only possible if Bith Sophos Devices are in the HA mode.