Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This configuration shows Sophos Firewall working with HSRP, a Cisco proprietary protocol.
Topology
Cisco Router Configurations
Router 1
R1#sh running-config
version 15.5
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url cloudsso.cisco.com/.../token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Ethernet0/0
 ip address dhcp
!
interface Ethernet0/1
 ip address 192.168.70.10 255.255.255.0
 standby 12 ip 192.168.70.1
 standby 12 priority 120
 standby 12 preempt
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.164.2
ip route 192.168.10.0 255.255.255.0 192.168.70.12
ip route 192.168.20.0 255.255.255.0 192.168.70.12
!
control-plane
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
ntp server pnpntpserver.localdomain
!
end
Router 2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url cloudsso.cisco.com/.../token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki certificate pool
quit
!
redundancy
!
interface Ethernet0/0
 ip address 192.168.70.11 255.255.255.0
 standby 12 ip 192.168.70.1
 standby 12 preempt
!
interface Ethernet0/1
 ip address dhcp
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.164.2
ip route 192.168.10.0 255.255.255.0 192.168.70.12
ip route 192.168.20.0 255.255.255.0 192.168.70.12
!
control-plane
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
ntp server pnpntpserver.localdomain
!
end
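The following is an added example, not part of the original article or of any Sophos or Cisco tooling: a Python check that compares the HSRP and static-route lines of two peer configs, because the standby group, virtual IP and the routes back to the firewall should match on both routers for failover to behave the same on either one. The excerpts are constructed from the configs above with one R2 route deliberately mistyped; `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed excerpts modelled on the R1/R2 configs above; the second R2
# route is deliberately mistyped so the route-parity check has something to find.
R1 = """\
interface Ethernet0/1
 standby 12 ip 192.168.70.1
 standby 12 priority 120
 standby 12 preempt
ip route 192.168.10.0 255.255.255.0 192.168.70.12
ip route 192.168.20.0 255.255.255.0 192.168.70.12
"""
R2 = """\
interface Ethernet0/0
 standby 12 ip 192.168.70.1
 standby 12 preempt
ip route 192.168.10.0 255.255.255.0 192.168.70.12
ip route 102.168.20.0 255.255.255.0 192.168.70.12
"""

def parse(cfg):
    """Return ({hsrp_group: settings}, {static routes}) from an IOS config excerpt."""
    groups, routes = {}, set()
    for line in cfg.splitlines():
        line = line.strip()
        m = re.match(r"standby (\d+) (\S+)\s*(.*)", line)
        if m:
            g = groups.setdefault(m.group(1), {"priority": 100})  # IOS default priority
            key, val = m.group(2), m.group(3)
            g[key] = int(val) if key == "priority" else (val or True)
        elif line.startswith("ip route "):
            routes.add(tuple(line.split()[2:5]))  # (network, mask, next hop)
    return groups, routes

def audit(cfg_a, cfg_b):
    """List HSRP and static-route inconsistencies between two peer routers."""
    (ga, ra), (gb, rb) = parse(cfg_a), parse(cfg_b)
    findings = []
    for grp in sorted(set(ga) | set(gb)):
        a, b = ga.get(grp, {}), gb.get(grp, {})
        if a.get("ip") != b.get("ip"):
            findings.append(f"group {grp}: virtual IP differs between peers")
        if not all(str(p.get("authentication", "")).startswith("md5") for p in (a, b)):
            findings.append(f"group {grp}: MD5 authentication not configured on both peers")
        if a.get("priority") == b.get("priority"):
            findings.append(f"group {grp}: equal priority, election falls back to highest interface IP")
    for net, mask, hop in sorted(ra ^ rb):
        findings.append(f"route {net} {mask} via {hop} present on one peer only")
    return findings
```

Calling `audit(R1, R2)` on the constructed excerpts reports the missing HSRP authentication and the two routes that exist on only one peer.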
Sophos Firewall Configurations
Network
DNS
Routing
Routing Details
Result/Testing
Traffic from PC1 reaches the WAN, and failover works as expected: if R1 is down, traffic automatically goes through R2.
[edited by: Raphael Alganes at 5:14 AM (GMT -7) on 18 Sep 2024]