Deploy two sophos in different locations sharing wan network and default gateway.


I am trying to deploy the following scheme.

A sophos xg at site 1 (WAN IP a.b.c.10)  and another sophos xg at site 2 (WAN IP a.b.c.11). Both share wan network (a.b.c.x) and have the same defaulf gateway (a.b.c.1).

The problem I am having in this situation is that  SophosB ip "a.b.c.11"  seems to be being published on SophosA too and is causing flapping on the CORES what is provocating network problems.

I think that I would need that each sophos xg publishes only the ips that it has defined in its interfaces, as aliases or in the NAT rules (public IP<-->internal IP).


Does anyone have any suggestions?
Thanks in advance.


Roberto Sánchez.

Edited TAGs
[edited by: emmosophos at 7:04 PM (GMT -7) on 22 Sep 2022]
  • Hi all,

    I think I figured out what is the problem. The thing is that in reality what is in each site is an active-passive HA cluster. From what I've been seeing, the virtual mac of each cluster matches hence the ARP problems.
    What I have to do is to change the mac in one of the clusters.

    I will try to see how to do it


    Roberto Sánchez.