Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 21957 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 330 HA - Active - Passive Setup

Desmond Besa

Hi,

 

I hope you are all doing well. I just have a stupid question to ask about the HA Setup for Sophos. We just purchased 2 Sophos XG 330 and I will set the HA up using the Active-Passive mode. I was just a bit confused in the how to:

 

https://community.sophos.com/kb/en-us/123174

 

 

Are all the IPs identical except for the Heartbeat interface? Because usually in Cisco ASAs you have to have different IPs on the Primary and Secondary Devices. 

 

And one more thing, if I configure the Active device, should it automatically sync with the Passive device?

 

Sorry I am just really new to Sophos.

 

Thanks in advance.

 

D



This thread was automatically locked due to age.
  • 0

    Desmond,

    The heartbeat interfaces as you can see have 2 different IPs. Both devices will use that port for sync and talk each other.

    Once you configured the first device, proceed with the cluster configuration so the secondary device can sync and receive all the configuration.

    Before enabling the cluster and after (when sync is complete) , create a config backup. You never know!

  • 0 in reply to lferrara

    One note:

    XG uses cyberoam cluster which is limited in terms of node and even the dmz zone to be used is not nice.

    Utm 9 can have up to 10 nodes in the same cluster and clustering is simple, no ip to configure on the slave node, nothing. Configure the primary appliance, enable the cluster, connect all the cable on the secondary node, turn it on and cluster will do the rest.

    Please vote the feature request.

  • 0 in reply to lferrara

    Hey Luk,

     

    yah I noticed that. I was just wondering about the Slave PC if I will use same IPS. Got it. I will configure everything on the Primary device first and enable HA later on. And for the UTM, I never knew that we can get the UTM. I thought everyone is moving to the XG platform. Our vendor never really informed us of that option.

     

    Thanks again for the reply and the patience.

     

    Thanks.

     

    D

  • 0 in reply to lferrara

    Another thing I wish I knew before I decided to upgrade to the XG.  I feel like I am migration backwards to a beta product.  Extremely frustrating.

Unfiltered HTML