Disclaimer: This information is provided as-is for the community's benefit. Kindly contact Sophos Professional Services if you require assistance with your specific environment.
We can utilize the existing Zero Touch workflow to deploy a Sophos Firewall (XGS) cluster in HA mode without much manual work.
In this recommended read, we'll walk through the workflow to deploy a firewall cluster using a rewire approach.
We will utilize Zero Touch for both appliances: New Techvids Release - Sophos Firewall v20: Zero Touch Configuration.
Zero Touch allows us to configure a Firewall and make it accessible from Sophos Central via SSO.
For Zero Touch to work, you need the serial number of the XGS Firewall, and Port2 (WAN) needs to have an IP that reaches the internet (Sophos Central).
We assume you want to use Port4 as the HA port (directly connected). You can also use other ports or multiple ports for HA.
You do not have to use the same approach. You could also connect AUX/Primary Port2 to your existing Network—it needs to have Internet access. We use the Primary in this scenario so as not to change your infrastructure.
In this approach, we do not need to change the existing configuration. It assumes you have a DHCP server with an internet connection that you will utilize for Zero-Touch.
If you have thoughts about those workflows or comments, feel free to post them or give me suggestions for improving them.
Sophos Techvids: Zero Touch Configuration - https://techvids.sophos.com/share/watch/TygYQm9ufcvFiJ9aAK7pit?vyetoken=$token_placeholder&autoplay=1
Zero Touch Configuration Documentation: https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/FirewallManagement/Firewalls/FirewallAdd/FirewallZeroTouch/index.html