
LAN Link aggregation or LAN Failover

Hi All,

We've had a core switch failure today. We used to have a Sophos UTM where it allowed us to configure LAN Aggregation. I can't seem to see this on the XG.

Is it possible? I really could do with connecting the XG to an additional core switch to protect against a failure such as what we've experienced.

Thanks



  • If you have another interface configured on the LAN zone, and under Device Access you have allowed HTTPS access on LAN, then you'll be able to access the appliance. But if none of the interfaces is active then you will not be able to. So better to configure a temporary interface and connect a laptop/machine directly...

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Understood, but could I do this via Central off site via WAN if I have enabled firewall management? I'll of course configure an additional port for LAN access outside of the LAG scope "just in case".

  • Yup, if the Sophos Central service is enabled for firewall management and as long as the WAN connection is active, you are good to go and access the appliance via Sophos Central firewall management.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved



  • Excellent, thanks again. I'll report back tomorrow. Planning on doing this at home tonight out of hours.

  • This seems* to be ok after creating the new AGG group on ports 1 & 5. I did this remotely from Sophos Central via the firewall manager.

    Before I did this I connected to the site using Sophos Connect and did a few things beforehand (like doing a backup).

    I've rebooted the XG and reconnected via Central. I can ping internal (LAN) PCs via the new AGG interface so I'm assuming all is fine?

    *That being said, I don't seem to be able to VPN back into the site via Sophos Connect, and all the Sophos access points are showing as "inactive". I'm hoping this is a Central bug? :s

    I'll be on site early tomorrow just in case. Anything that could have caused this?

    I connected to the firewall via Central, unbound the single LAN port (port1) and noted its settings. Created a new AGG interface with Port 1 & 5 (both unbound) and entered the address details noted above.

    EDIT: Looking at the VPN logs on the XG, I'm getting rejected because of wrong credentials. Go figure?

    Regards

  • Seems that there's a bug... if I set the LAG to "auto negotiate" the speed, I can't communicate with the LAN; if I set it manually to 1000 everything is fine.

    I can see all the access points and VPN back into the site. I can now access all LAN resources.

    .......that was a long night....... still better now than during production.

  • Hey,

    Yup, that's true, this is a reported bug: NC-92783.
    Workaround is: change the speed settings to manual.
    This will be fixed in the next release of the firmware, i.e. SFOS 19.0.1 MR1.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved



  • All sorted now, up and running with a LAN LAG link. Thanks for all your input.

    Cheers

  • Cheers

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved

