XGS136 HA: HA status is not displayed properly after failover

We moved two XGS136s from IDC1 to IDC2. The network configuration is the same, but after the firewalls were turned on, we saw that the HA status is displayed abnormally, as shown in the following figure:

In addition: Manually triggering HA failover has also happened many times, and then we restarted one of the standby machines to restore the HA state to normal.

Can anyone tell me what happened after HA failover and why the state after failover became like this?



This thread was automatically locked due to age.
  • Hi hongbo,

    You may check the logs for further checking before retrying to break and rebuild the HA:

    cat /log/msync.log | grep "ha:"

    cat /log/applog.log | grep "ha:"

    Or you can check the link: support.sophos.com/.../KB-000035558

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.

  • Hello  Erick,

    Thank you for your support. I have two questions to ask:
    1. During the HA role election, the passive device will restart and delete all configurations except the management port and HA configuration. After HA negotiation, will manual HA failover be the same as the initial negotiation process?

    2. Only one link is configured on the XG HA heartbeat interface. If the HA heartbeat interface fails, HA will have a serious impact. Is there any other link that can be used as the HA Backup interface?

  • After HA negotiation, will manual HA failover be the same as the initial negotiation process?

    Yes, under normal conditions, the auxiliary device is automatically synchronized with the primary device. The ability to synchronize peers is determined by the states of the devices in the cluster, and in your case when the device in the primary state goes into the fault, but not when it goes into the auxiliary state as below:

    Only one link is configured on the XG HA heartbeat interface. If the HA heartbeat interface fails, HA will have a serious impact. Is there any other link that can be used as the HA Backup interface?

    Multiple dedicated HA link ports are not supported as of now.

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

  • Hi  Bharat,

    First of all, thank you very much for your support. I have some more questions for you:

    1. Previously, after we completed the establishment of HA, the port 7 IP of the auxiliary device could not be accessed on the intranet, but it could be accessed from a terminal computer directly connected to port 7. Why? (Port7 is used to manage both primary and auxiliary devices, that is, the management port.)
    2. There are two devices, sf1 (primary) and sf2 (auxiliary). When I turn off both devices, I turn on sf2 first. At this time, we find that there is an abnormality in HA. Standalone is turned on first, and then Faulty is turned on. Does this have anything to do with the boot order?
    3. In the process of converting to auxiliary, will the primary experience the "Faulty" state? (That is, primary --> Faulty --> auxiliary.)
  • Can you share the current status for the below steps with a screenshot from both Sophos XG:

    CONFIGURE --> System services --> High Availability --> High Availability status
    CONFIGURE --> Network --> Interface status (hide the public IP if any)
    System --> Administration --> Device Access

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

  • At present, the HA cluster status of the two devices is normal, ha ha

    Sorry I can't provide you with screenshots.

  • Check the option to specify if the system should fall back to the primary device when it recovers, under CONFIGURE --> System services --> High Availability --> High Availability status. In the event of a failover, traffic will be routed through the auxiliary. If you want this to automatically move back to the primary device when it recovers, select this option.

    Note: If the device is in standalone or fault mode, this functionality will not be supported.

    Make sure you select all "connected" or plugged interfaces under "Select ports to be monitored" in HA setup.

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".
