

Azure HA


Can anyone confirm that I understand this correctly: There is no way to get Active-Passive or Active-Active HA working in Azure with 2 XG instances as Azure does not support MAC spoofing. 

Manually configure HA in Azure - Sophos Firewall -> since here only one Firewall gets created

Additional configuration for virtual hosts - Sophos Firewall -> and this one mentions allowing MAC spoofing for hypervisors in order to get HA working 

So, does this mean I should just use a single XG instance instead of two in Azure?

  • Azure uses SD-Network technologies to connect devices. The rules "of the old world", like ARP and other stuff, do not apply there anymore. If you change, for example, the default gateway to another device, the device is fully offline. Therefore, you will not get the link between both appliances, and you will not get the ARP change to virtual running.

    You could disable ARP Spoofing on SFOS in the WebUI, which uses the physical MACs, but even then, you have a "vIP", which will be used. Azure does not allow an IP move from A to B.