Cannot access web admin of secondary HA firewall

I have 2 XG 330s set up in HA. When trying to access the web admin of the secondary XG, it says "Only administrator can access the auxiliary device"

The account I am trying to log into the secondary XG with IS an administrator (as indicated on the primary XG, Configure, Authentication, the account is listed as Type "Administrator" with profile "Administrator", with read/write access to everything).  It is the same admin account I use to log into the primary XG without issue.

I have seen other posts with this problem but I have not seen a solution.  Why can't I log into the secondary XG with the same (administrator) account that allows me to log into the primary? 

 

Thank you



This thread was automatically locked due to age.
  • The Aux will only allow the "admin" user account. 

    This account should work. 

  • Hi  

    As per the XG HA architecture, authentication requests are handled by the primary appliance only.

    Authentication service status on the primary appliance:

    # service -S | grep acc
    clientless_acce RUNNING
    access_server RUNNING

    With reference to the above fact, the authentication service status on the auxiliary appliance will always look like the output below, which is expected in an HA setup.

    # service -S | grep acc
    clientless_acce UNREGISTERED
    access_server UNREGISTERED

    For that reason, any local user or administrator user trying to log in on the auxiliary appliance, which requires the authentication service during login, will not be allowed to log in on the auxiliary appliance, as the service will not take any request for further processing.

    The super user (admin) is authenticated directly and is not part of this authentication process. That is the reason you are only allowed to log in on the auxiliary via the super user (admin).

    I hope the above explanation clears your doubt on this part!

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

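The service states quoted in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Sophos code: it classifies captured `service -S` output as primary-like or auxiliary-like and flags anything else. The function names and sample variables are hypothetical, and it assumes `awk` is available wherever the captured output is analysed.

```shell
#!/bin/sh
# Added example: classify captured `service -S | grep acc` output.
# Service names and the RUNNING / UNREGISTERED states are the ones quoted in
# the reply above; any other state is treated as unexpected (assumption).

# Constructed samples, copied from the output shown in the thread.
PRIMARY_SAMPLE='# service -S | grep acc
clientless_acce RUNNING
access_server RUNNING'
AUX_SAMPLE='# service -S | grep acc
clientless_acce UNREGISTERED
access_server UNREGISTERED'

# Reads service status lines on stdin and prints one of:
#   primary    - both authentication services RUNNING
#   auxiliary  - both UNREGISTERED (expected on the HA auxiliary)
#   mixed      - one RUNNING and one UNREGISTERED
#   unexpected - a service is missing or reports some other state
classify_auth_state() {
    awk '
        $1 == "clientless_acce" || $1 == "access_server" { state[$1] = $2 }
        END {
            for (s in state) {
                n++
                if (state[s] == "RUNNING") run++
                else if (state[s] == "UNREGISTERED") unreg++
                else other++
            }
            if (n != 2 || other > 0) print "unexpected"
            else if (run == 2)       print "primary"
            else if (unreg == 2)     print "auxiliary"
            else                     print "mixed"
        }'
}

# Turns the classification into the login behaviour described in the reply.
login_hint() {
    case "$(classify_auth_state)" in
        primary)   echo "auth services running: requests are handled on this node" ;;
        auxiliary) echo "auth services unregistered: only the built-in admin can log in" ;;
        *)         echo "unexpected auth service state: review HA status" ;;
    esac
}
```

Feed it saved output, for example `login_hint < service_status.txt`, to confirm that a node refusing administrator logins is simply in the expected auxiliary state.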

  • Thank you LuCar!  This was the solution I was looking for. 

     

    Darth Boss