
Sophos XG, configure cluster HA.

Gentlemen, I've been taking a beating from Cluster HA on XG for two days now.

I have two Sophos XG VMs on VirtualBox; I also tried on VMware. I configured the HA as described in Sophos's own manuals.
Every time I configure the Active / Active HA, the auxiliary XG restarts, its Port1 (LAN) interface remains with the same IP as the primary XG, and from there I can no longer access either.

Does anyone know where I'm going wrong?

Thanks!



  • Hi  

    Can you please try enabling MAC address spoofing on each adapter under the VM? This is so that they can spoof the virtual MAC addresses of the virtual IPs that are shared by the HA pair.

    Reference snapshot:



    After that, try to access the Primary and Auxiliary devices on their original LAN IPs from a machine which is part of the LAN segment or LAN interface of the XG HA pair.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  •  
    Thanks for the help, it worked. In the case of VMware the fields to enable are different, but it is the same thing as MAC spoofing.
    After enabling them, I was able to configure the cluster perfectly; I tested both active / active and active / passive.
    I'm putting an image here, with the configuration made in the PortGroup of the virtual Switch, in VMware.
     
     