I have a HA pair of Sophos XG 310 firewalls on v17.5-MR12 - been running fine for a few years now.
The story begins...
I had port 2 WAN set up with an IP address and multiple alias addresses on top of port 2, + a VLAN interface on top of port 2 which also has multiple alias addresses. I deleted all the alias IP addresses from port 2 as well as from port 2 VLAN interface, deleted the VLAN interface on port 2, then I was left with a single IP address on port 2. At this point everything is fine.
I then changed the IP address on port 2, and after doing that I lost all access to the firewall. Note that i was managing it through Port 1 LAN. Looked at the LCD display and it showed "Please try after some time". Pulled the power on that one (i.e the current primary), and it forced failover to the auxiliary as expected. I was up and running instantly on the auxiliary once the primary showing that message was powered off.
Had the (now former) primary start back up again and HA joined. Started to have problems with SSL VPN not working (TLS negotiation failed). So we failed back over to the original primary unit.
Then again not long after that it showed again - "Please try after some time" on the same unit. Rebooted both firewalls. Now, the original Auxiliary simply will not join HA and it is showing as "faulty". Left it for more than long enough to allow it to join HA.
Confirmed all HA monitored ports are up. Connected a monitor to the original aux unit and it boots successfully.
What the heck happened??? What should I do?
This thread was automatically locked due to age.
