Convert XGS 4500 HA from Active-Passive to Active-Active

Question

Hello all, 
 I'm in the process of replacing infrastructure hardware and I'm working on additional redundancies. I'm currently replacing my core switches with an active-active HA pair. I plan to route all traffic through the firewalls for scanning (North/South, and East/West). My XGS 4500 HA is currently configured as A-P. Converting this to A-A should allow me to connect each core switch to each firewall for a fully redundant solution. 
 My question is whether or not the XGS 4500 HA pair can be converted to A-A without needing a full reconfiguration? If a reconfiguration is necessary could a backup configuration be used without overriding the A-A setup? Are there any caveats I should be aware of with how the XGS 4500 handles traffic in an A-A configuration?

dirkkotte · Accepted Answer

Hi Fizzle, recreating HA is not very complicated. you remove the slave from ha/remove the HA config an get a standalone device. now you can configure a new HA as active-active. but i think you didn#t get more redundancy with this action. active-activ ha is for load sharing primary ... as i know. you should not get additional wiring options .... please correct me if that is the case ... be aware, with active-active ha, you need all licenses twice. 
 Maybe you would like to share your ideas about cabling with us?

LuCar Toni · Answer

SFOS HA is a full load balancing option in terms of offloading traffic. Your Primary will be still the one appliance accepting all traffic. 
 See: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/AboutHA/HAArchitecture/index.html#virtual-mac-address 
 The Primary will get all requests in both scenarios. 
 A-A means, you will have to buy another license for your cluster. Is your current solution out of capacity?

Convert XGS 4500 HA from Active-Passive to Active-Active

Top Replies