Browse By Tags

  • Sophos XG Monitoring HA

    Hello Sophos and Community, this topic seems to be an problem for a long time and i have tried to figure out how but i just seems, that there is no way. We are using the Sophos XG Web API which is for at least some part documented ( https://docs…
  • XG310 19 HA Active Active & RED tunnel failover

    Hey folks, I have 2 XG 310 in an active-active HA. When failover occurs (Primary goes down), the RED tunnel goes down and there is no failover for the RED tunnel. I need to disable and re-enable the RED tunnel... Is it the correct behavior in…
  • HA Active-Passive | Some configurations points

    Hi all, i'm going to configure HA Active-passive, i'm reading many topics, but are not more detailed i need to know these: ( On auxiliary device) 1- What is the ip address to set on Port 1 (lan) on auxiliary device.Is't the same one on the primary…
  • RED tunnels not restablishing correctly after HA failover

    Hi, I've recently setup a HA active/passive pair of virtual XG firewalls running in VMware, with a branch office setup with a RED tunnel to the HA pair. Every time we trigger failover between the HA firewalls (ie rebooting or when I upgraded the firmware…
  • all XGS136 show errors and/or dropped RX packets on Port10

    Hi, we have 3 HA Active/Passive Clusters with XGS136. They all have Port10 as dedicated HA Port and are linked with 1m patch cables of good quality. All 6 nodes show dropped packets and some also show port errors on Port10 for RX only. Some of…
  • Sophos XGS HA Clustering with 4 devices

    I have a client who has purchased 4 XGS devices and wishes to have a pair located at main site and a pair located at backup site. Can I configure all 4 devices in one cluster and have a 1Gb heartbeat link across to the other site and still have high availability…
  • how to deploy sophos firewall on AWS Multi Availability Zone

    Hi, Can someone advise me on how to deploy Sophos firewall on AWS Multi-Availability Zone? Best Regards Nandakumar
  • LAG FW xg 550 I HA active-passive

    good, we have in our infrastructure 2 FW xg 550 I HA active-passive, and we want to connect them to 2 cisco cores, with the maximum number of 10 Gb fiber optic ports to the two switches. In the old documentation LAG indicated that a maximum of 4 ports…
  • XGS 136 Port Errors on HA Link

    Today we were alerted by CheckMK about some port errors on one of our 18.5 MR3 HA Clusters. The issue happened on the dedicated HA Port Port10 on which both machines are connected with 1m CAT6 cable. Of course, we could change the cable. But I'd…
  • Options for moving XG firewall in HA mode between physical locations

    Howdy! My company is moving our XG firewalls from one data center to another. The move requires configuration changes of various sorts (e.g., WAN port IP address). The firewalls are currently running in HA Active-Passive mode. I'll call the active device…
  • This is a question related to synchronization by configuring HA.

    Hi.. After changing from XG to XGS, portmgmt seems to have changed from its predecessor. When the HA configuration is synchronized, is the mgmt port setting synchronized? I would like to know if it is possible to use mgmtport to enable access to secondary…
  • Whole HA reboots when one monitored port fails

    Hello! As i mentioned in the title i unplugged the optical modem from our XG HA (Port1 is monitored in HA) and then the 2 XG's are rebooted simultaneously, why? Why does it need to reboot when a link fails? Is this normal behavior? Thank you
  • XG210 (SFOS 18.5.3 MR-3-Build408) - WEB/SSH/Panel administration crashed on active node

    Hello, this morning the still active node of one of our XG 210 cluster (latest firmware) crashed. It was not possible to administrate this firewall via https, ssh and panel. We needed to remove the power plug in order to get it running again. After…
  • 18.5 MR2 to MR3 Upgrade broke HA cluster and node not updating

    3 XGS136 18.5 MR2 HA Clusters updated to MR3 2 OK 1 failed The failed cluster sent us mails that the upgrade failed but the primary node did upgrade to MR3. Then we received mails that HA has been disabled You are receiving this auto-generated…
  • Auxiliary not reachable on peer Management IP due to missing route

    SFOS 18.5.2 We've noticed that the peer mgmt IP is not reachable from certain subnets, if the traffic is routed via l3 switch. investigation showed, that the auxiliary appliance did not sync all routes from the primary, thus it's not reachable from…
  • XGS 18.5 MR2 - HA could not be enabled

    What am I doing wrong here? 1st. on the AUX node I went to HA and initiated HA as aux there, selected HA peer IP 10.1.178.5 2nd I went to the PRIMARY node and configured it as primary, selected HA peer IP 10.1.178.6 found this old post, so…
  • BUG: "Fail back to primary device after it recovers"

    fyi In an A/S HA Setup. if the Auxiliary is active and you check the box " Fail back to primary device after it recovers ", it will always failback to the auxiliary and not to the primary. basically makes the auxiliary the preferred appliance. to…
  • XG Auxiliary boots wrong SFOS Version

    our customer replaced the Auxilary device in a XG A/S Cluster. The primary XG runs 18.5.1 and has no other software in the second boot partition the aux appliance was flashed with 18.5.1 but during the initial setup it automatically installed 18…
  • System services stuck on HA page

    I see this has happened to a few people before where you are setting up HA or have setup HA and for some reason when you click on the System services menu it gets stuck on the HA page and won't let you get past it. I have 2 x brand new XGS2300's to configure…
  • SFOS HA Cluster Primary hangs without Failover

    our customer has a HA Cluster containing 2x SG330 Rev 1 running SFOS 18.5.1 MR-1-Build326. within the same week the primary devices failed and did not failover to the auxiliary. It was necessary to manual power off the primary to trigger a failover to…
  • HA UNLINKED on Sophos UTM after nothing

    Hello, First of all, i wish you a Happy new year ! I'm writing to you because our customer has a Sophos UTM firewall in version 9.7 for almost 2 years. Our customer claims to have tested the Slave firewall in the meantime and it was working fine…
  • High availablity TCP port 2600

    We have 2x XGS2100 (SFOS 18.5.2 MR-2-Build380) in High availablity in (Active-Passive) They have a Dedicated HA link Dedicated peer HA link IPv4 address 192.168.10.2 Dedicated peer HA link IPv4 address 192.168.10.1 When I look in Log viewer…
  • Reaction to 100% SWAP usage

    Hi, any suggestion how to react to this high SWAP usage on a SG135? Firmware 9.707-5 Should I ignore it or flush something? It's HA.
  • Unable to join 2nd node of HA to Sophos Central

    Hello Community, I have an active-passive setup with two XGS 2300 (SFOS 18.5.2). HA is working. Both boxes are connected to the internet and LAN, also the HA-Link is established. The Firewall have 3 WAN Uplinks, but now only one is connected. Now…
  • HA Peer does not start

    Hey there, I´ve set up a Sophos XG cluster with 2 Sophos VMs. After the init the peer VM restarted but never came up. At a look at the console I saw this: A simple restart of the VM doesn´t change anything. How can I fix that? A memory and disk…