As seen in the diagram, I am trying to understand how this scenario will work with two XG devices at different locations for High Availability. Does anyone have any idea?
XG HA needs a link to each other.
If you can set up a link between both, which has a very low latency, it will basically work.
But keep in mind, Master will always answer all requests, Slave does not act at all.
If you have a split scenario, it could be more efficient to build two separate/independent HA clusters.
Especially if your link is not direct (for example a fiber cable between both locations).
__________________________________________________________________________________________________________________
@LuCar Toni Thank you for that quick response, but can you kindly school me more on what the configuration would look like, considering the fact that the XG firewalls would be connected with a BGP and IPSec WAN link?
It is basically not possible.
You need a direct link between both appliances.
Therefore that is not present in your case.
__________________________________________________________________________________________________________________
Hello LEWOLAW,
We did it for one customer. You will need:
- ideally 1 Gb L2 fully transparent line between both locations ideally with jumbo frames support. Via this L2 link you have to interconnect all internal networks over separated VLAN networks, including the HA port at both locations.
- promote an identical public IP range at both sites via one ISP and BGP-4 protocol. This will ensure the same permanently available public IP range of your Internet connection at both sites.
You don't need anything else. The L2 line and Internet connectivity must have SLA-guaranteed providers.
Regards
alda