HOW DO I SETUP HA WITH XG FIREWALL AT DIFFERENT LOCATIONS

XG HA needs a Link to each other. 

If you can setup a Link between both, which has a very low latency, it will basically work. 

But keep in Mind, Master will always answer all requests, Slave does not act at all.

If you have split scenario, it could be more efficient, to build two separate/Independent HA Clusters. 

Especially if you Link is not direct (For example a fiber cable between both locations). 

@LuCar Toni Thank you for that quick response but can you kindly school me more on how the configuration would look like considering the fact that the XG firewalls would be connected with a BGP and IPSec WAN link

It is basically not possible.

You need a direct Link between both appliances. 

Therefore that is not present in your case. 

Lewolaw,

please read what KingChris shared here:

https://community.sophos.com/products/xg-firewall/f/initial-setup/117737/sophos-xg---ha-port-mtu

Regards

Hello LEWOLAW,

We did it for one customer. You will need:

- ideally 1 Gb L2 fully transparent line between both locations ideally with jumbo frames support. Via this L2 link you have to interconnect all internal networks over separated VLAN networks, including the HA port at both locations.

- promote an identical public IP range at both sites via one ISP and BGP-4 protocol. This will ensure the same permanently available public IP range of your Internet connection at both sites.

You don't need anything else.The L2 line and Internet connectivity must have SLA-guaranteed providers.

Regards

alda