

Network switch configure for Sophos HA

Interested in what other people have done with network switch configurations when using Sophos HA.

Documentation on their website covers the Sophos configuration, but doesn't really talk about what to do on the switch side of things, although it does say to disable STP, which makes sense.

We've always used a single trunk (LAG) binding one port on each switch together and plugging one of the Sophos units into each one. Is this what most people do, or are other people simply using dumb ports and not worrying about creating a trunk/LAG?

docs.sophos.com/.../index.html



This thread was automatically locked due to age.
  • Hi,

    in my setup I use 2x XG210 (HA - active / passive) and 2x Aruba (in stack).

    On the XG I use 2 ports in LAG for the uplink (1 cable down to each switch), on the switches I configured the ports as trunks (2 trunks with 2 ports on each switch).

    In my case 1 XG and 1 Switch can fail at the same time.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • Yep, that's how I have mine configured as well.

    Wondered if others had a dumb switch with Sophos taking care of comms. Appears to be the Sophos way given they've recommended STP turned off.

  • Just curious: why would someone use a "dumb" (if you mean unmanaged with dumb) switch on an enterprise-grade setup (HA)? The way the Sophos is used in this scenario means you have some critical infrastructure in use, so a "normal / dumb" switch should not be used.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1


  • Bad choice of words. I meant an unconfigured port in VLAN 1 (no trunk), which, looking at the link LuCar just posted, is how Sophos is recommending the setup, which explains the disabling of STP.