WAN FAILOVER DUAL CONNECTION
I have a Sophos UTM9 cluster where each firewall is connected to two different ISPs (let’s call them WAN1 for Provider A and WAN2 for Provider B). Let’s name the interfaces 1-2 (node 1) and 3-4 (node 2).
I want that:
1) the traffic to failover from…
Node crashed after adjusting interface
Hello everyone,
Today I observed something interesting.
We run two SG450 appliances in an HA cluster.
An interface of a RED was incorrectly set to local eth0.
When we wanted to transfer the interface from local eth0 to the remote RED, our master…
My guide will be better
Hi, I have just confiuged HA as a networking layman an I think my guide will be better....just saying. I will post it via support once I have it in final draft
SOPHOS Purposefully Designs bugs into their Firewalls: Episode2 – Email Alerts, Green Statuses, and Routes
I’m documenting my numerous issues with SOPHOS Firewalls so that others can be aware of what they are getting themselves into.
Episode 1
community.sophos.com/.../sophos-purposefully-designs-bugs-into-their-firewalls-episode-1---vpn-failover-and…
Virtual MAC on Interface changes back on HA Mode
Hi! I am currently operating two Sophos UTM behind a router which is running great.
For redundancy reasons I now want to add another pair to operate in HA mode.
The issue: All UTM's use the SAME Interface MAC when switching to HA mode.
I can manually…
HA Failover Behavior - With and Without monitored Ports
https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/HAConfiguration/HARuntimeConfiguration/index.html#monitoring-ports
Please describe the intended HA behavior (active-passive) if there are no monitored…
Add KB for Error Message "HA could not be enabled" in HA Setup
Problem:
While configure the Primary Device in HA (active-passiv) you will get the non descritive Error "HA could not be enabled" if the HA Link is not up or the Peer Device is not reachable.
What To Do:
- Verify HA Interface Link is UP and Peer…
KB-000042455: Sophos Firewall: How to fix problems with enabling HA - Add reminder to check HA Interface Link Status
https://support.sophos.com/support/s/article/KB-000042455
Please add the following at "What To Do" - Check HA Interface if Link Status is up after enabling HA, otherwise check Cabling (Swap RX/TX on direct fiber connection between devices)
Sophos UTM HA Cluster Slave-Node erkennt Master als dead und hohe CPU Auslastung
Hallo zusammen,
in meiner Firma haben wir ein Aktiv-Passiv-Cluster aus 2 SG230, die je ein "4x 10 GbE SFP+ FleXi Portmodul [SGIZTCHF4]" eingebaut haben. Vor kurzem kamen neue VLANs und neue Switche (25GBit) dazu. Die neuen Switche sind am Portmodul…
firewall.management.ha.status._dynamic_._undefined_ Peer will join the central if not joined yet
What is this in Sophos Central Firewall Management?
1st thing: only 3 firewalls showed, need to go to second page to see more? why that - that is not userfriendly nor necessary.
2nd issue:
What is that warning message? Nothing has changed…
SG-330 Node2 Powers off during HA Replication
Hello all, Having some issues with a pair of SG-330's running in HA Active-Passive mode.
When I get Node2 powered on it stays on for about a minute, begins Synchronizing, and then powers off with seemingly no warning.
When I power Node2 on without…
HA Documentation makes no sense
Hey!
This article is totally senseless.
The initial device role of the auxiliary device has to be configured as auxiliary, not as primary!
Enhancing severity class of HA degrade
Hello,
we reinstalled our Sophos Cluster recently an a temporary hardware, reimaged our old hardware that has gone through x updates and transferred the configuration through the import/export. After 5 days the slave crushed and one day later the primary…
Can't turn off the HA on Master
When i turn off the HA on master device and refresh the page it turns back to old configuration, why can't i disable HA on master device.
HA Active Passive
Hi
We need to configure to UTM in Cluster HA Active Passive. What is the time for reconnecting network services when the master will be failed or gone?
Sophos UTM HA failover and Stacked Cisco Switches | Cisco loses connection to Sophos after a failover
Hello Community,
I hope someone could point me to the right direction on this.
My setup:
Two Sophos UTM SG210 running HA active/passive Two Cisco Stacked switches doing inter-vlan routing. I have a LAG (two ports) on the UTM, and I have a LAG (4…
UTM Block Communication - Only HA Failover can fix it
Hi Sophos Community,
I am probably a newbie with UTM but also our UTM consulting could not help us. Maybe you can point me in the right direction.
We have two Sophos UTM SG230 with failover configured. Since a couple of months we have the following…
UTM HA Confusions
I have been using Astaro/Sophos UTM for over 12 years now. The one thing that confused me was the one step not discuss regarding HA. There is no information/direction about creation of the 'Slave' node. Directions always begins with a n existing UTM to…
Manually create HA (instead of CloudFormation template) on AWS
Hello,
We already have a VPC setup on AWS with a single UTM instance. We are looking to convert the setup into high availability. Is it possible to do it manually (and add the cold standby instance to the existing VPC) or do we have to use the cloud…
HA Ausfall SG 105 / 9.705-3
Guten Tag,
ich habe hier zwei SG 105. Dort wurde gemeldet
HA/Cluster is active in mode HA with 1/2 nodes
Node2 war der Master und Node1 sei Dead. Ich habe hierauf das Patchkabel von beiden ETH3 getauscht, zur Sicherheit gegen ein neues CrossOver…
ha_daemon -c takeover no effect
Hi all,
due to a SFP change at one of our clusternode I was trying to use the
ha_daemon -c takeover
to change the active node. After hitting <enter> nothing happened and the node kept being the active node.
Cluster is a SG230 running firmware…
How to Configure XG SF-OS HA for Automatic Provisioning (Active-Passive) as you can in UTM 9.x?
In UTM 9.x you are able to drop in a second UTM, connect eth3, and light it up with Automatic Provisioning enabled. The UTM 9.x will run Up2Date to the matching firmware, synchronise and be ready to use within minutes. Can we see a video of XG doing the…
XG HA connect to Cisco Router
Hello How can I set up the router interface to connect to the firewalls?
Current Interface of router configuration:
interface GigabitEthernet0/1 ip address X.X.X.X 255.255.255.252 ip nat outside ip virtual-reassembly in duplex auto speed auto !…
Sophos UTM HA Cluster Node wechselt in nicht bestimmbaren Intervallen auf "DEAD"
Guten Tag liebes Sophos Forum,
ich habe momentan ein Problem mit zwei verschiedenen HA-Clustern.
Der erste HA-Cluster ändert den Status in unregelmäßigen, nicht wirklich bestimmbaren Abständen auf "DEAD" (Firmware: 9.703-3, Sophos SG115). Der Cluster…
Is it poosible HA between HyperV and Esxi virtual appliances?
I have two server: one esxi and one hyperv. I have an utm9 already installed on my esxi host. Im thinking that i will install an other instance of utm9 on hyperv host and make a HA.
Is it possible?