
High Availability Peer Sanity Check Failed

I've finally had time to spin up another ESXi Server in my HomeLab, and now that Allow High Availability with DHCP is viable I went to set up an Active-Passive High Availability solution like I've been using in UTM 7/8/9 since forever. However, it keeps prompting the error: "Unable to connect with peer device".

I've confirmed through the XG Firewall Diagnosis Tools that each instance is able to ping one another as well as enabling both Ping and SSH on the DMZ port (HA Link).

I've executed the following:

tail -f /log/applog.log | grep ha
enableha: enableha called from GUI
enableha: peer sanity check failed

I know back in the UTM days, Active-Active wasn't allowed with a Home License; however, Active-Passive was, so any guidance as to what isn't compliant or copacetic, I'd really appreciate it!

Cheers,
Kyle



  • Hi,

    Can you give us more information on both appliances?

    You have to / should do the HA setup on the second appliance during the setup of the aux.

    The AUX appliance will get its own license (built on the master serial number).

    https://community.sophos.com/kb/en-us/125612

    • If a Software/Virtual device is used, you need to purchase only one Base license and once that Serial Number is registered, SF-OS will manage the creation of the Passive appliance; there is no need to purchase a separate Base Firewall license for the Passive device or a separate serial number.

    Just give us some screenshots.

    Cheers


  • Apologies for the delay.

    On two separate ESXi Hosts, each running one instance of Sophos Software/Virtual. I attached a screenshot of the primary and auxiliary systems. I did create the auxiliary system by cloning the primary system; could that cause an issue?

    Cheers,

    Kyle

  • As a prerequisite, you have to check that SSH access is enabled on port4 on both appliances.