This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LAN Link aggregation or LAN Failover

Hi All,

We've had a core switch failure today. We used to have a Sophos UTM where it allowed us to configure LAN Aggregation. I can't seem to see this on the XG.

Is it possible, i really could do with connecting the XG to an additional core switch to protect against a failure such as what we've experienced.

thanks

This thread was automatically locked due to age.

Top Replies

Vivek Jagad over 1 year ago in reply to JohnHilton +1 suggested

Unbound Example can be seen below:

0 Vivek Jagad over 1 year ago

Hello JohnHilton,

Thank you for reaching out to the community, please refer the follow doc/kba below for configuring the Link aggregation on SFOS [Sophos XG]
https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/Interfaces/NetworkLinkAggregationGroupAdd/index.html

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Vivek Jagad

Thanks for the reply, thank you for this.

I wanted to add this to our currently active "lan" port (port1) and inactive unbound port5.

The documentation states:

"Only unbound static physical interfaces can be members of the LAG"

i assume because our port1 (lan) is currently active, i can't configure this to a lag without "downtime".

Kind regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to JohnHilton

Yup, you'll need a down time.
==========================
Once configured you can verify with the following device console commands:
> show network lag-interface
> show network lag-interface < lag-interface> runconfig

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Vivek Jagad

Thanks again.

When it says "unbound" does it mean removed from the "lan" zone or just disconnected? do i need to add a static IP address to each of the member ports + the lag group (3 static IPs in total) or just a single static IP on the LAG i've created?

Sorry for all the questions, i'll be doing this via the GUI.

Kind regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to JohnHilton

Unbound Example can be seen below:

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Vivek Jagad

That's great thanks, i'll book some downtime in and give it a go and report back.

cheers
Cancel
Vote Up +1 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to JohnHilton

one more thing, if i unbind my LAN port, i won't be able to connect to the gui...... could i do this off site via central?
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to JohnHilton

if you have another interface configured on the LAN zone and under the device access if you have allowed HTTPS access on LAN than you'll be able to access the appliance. But if non of the interface is active then you will not be able to. So better configure a temporary interface and connect a direct laptop/machine...

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Vivek Jagad

understood, but could i do this via central off site via WAN if i have enabled firewall management. I'll of course configure an additional port for LAN access outside of the LAG scope "just incase"
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to JohnHilton

Yup, if sophos Central service is enabled for firewall management and as far as WAN connection is active. you are good to go and access the appliance via Sophos Central firewall management.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel