Hi All,
We've had a core switch failure today. We used to have a Sophos UTM where it allowed us to configure LAN Aggregation. I can't seem to see this on the XG.
Is it possible? I really could do with connecting the XG to an additional core switch to protect against a failure such as what we've experienced.
Thanks
Excellent, thanks again. I'll report back tomorrow. Planning on doing this at home tonight out of hours.
This seems* to be ok after creating the new AGG group on ports 1 & 5. I did this remotely from Sophos Central via the firewall manager.
Before I did this I connected to the site using Sophos Connect and did a few things beforehand (like doing a backup).
I've rebooted the XG and reconnected via Central. I can ping internal (LAN) PCs via the new AGG interface so I'm assuming all is fine?
*That being said, I don't seem to be able to VPN back into the site via Sophos Connect, and all the Sophos access points are showing as "inactive". I'm hoping this is a Central bug? :s
I'll be on site early tomorrow just in case. Anything that could have caused this?
I connected to the firewall via Central, unbound the single LAN port (port1) and noted its settings. Created a new AGG interface with Port 1 & 5 (both unbound) and entered the address details noted above.
EDIT: Looking at the VPN logs on the XG, I'm getting rejected because of wrong credentials. Go figure?
Regards
Seems that there's a bug... if I set the LAG to "auto negotiate" the speed, I can't communicate with the LAN; if I set it manually to 1000 everything is fine.
I can see all the access points and VPN back into the site. I can now access all LAN resources.
.......that was a long night....... still better now than during production.
Hey JohnHilton,
Yup, that's true, this is a reported bug: NC-92783.
Workaround: change the speed settings to manual. This will be fixed in the next release of the firmware, i.e. SFOS 19.0.1 MR1.
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
All sorted now, up and running with a LAN LAG link. Thanks for all your input.
Cheers
Cheers JohnHilton
Hi John,
Please set the link in the LAG interface to active/backup else you cannot connect a LAG interface to two switches.
Bart van der Horst
Sophos XG v18(.5) / v19 Certified Architect
https://www.bpaz.nl
Is this defo the case? I currently have it set to LACP active/active... however one switch is offline (waiting on a replacement power supply), hence the need for LAG on the LANs.