• XG 210 High Availability: IP for Auxiliary

    Jim Vaden
    Jim Vaden
    This is my last discussion of the week...promise! Everybody has been so helpful this week; I really appreciate it! Long story short: when setup as active/passive and the auxiliary takes over, does it take the IP of the primary? The reason I ask is we…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Strange issue on HA firewall: packets missing

    Ben@Network
    Ben@Network
    Hi all, we have on our WAN interface an additional IP address (Alias ). For this IP are 2 DNS Hostnames registered. On firewall runs a Reverse Proxy on the Alias IP. We did not see any issues when the users access Hostname1. Some users reports, that…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XFRM Interface flapping after HA failover

    Ben@Network
    Ben@Network
    Hi all, today I made an manual failover to the auxiliary device. On the auxiliary device the XFRM interfaces began to flapping. On both tunnel ends I had many interface up and down events (ervery few seconds). The IPSec Tunnel itself seems to be stable…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HA flop on manual firmware upgrade to 19.5

    David Moro
    David Moro
    Hi everyone, i've this problem, when i try to upgrade the firmware from 19.0.1 to 19.5.0 manually with signature file on XGS136 the firewall cluster start to flot from primary - auxiliary to standalone - fault... This happens only if one of the…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Configure HA - "hauser" filed to login

    rexer
    rexer
    Hi there We're trying to set up a High availability environment (active-passive) using this documentation: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/HAConfiguration/HAQuickHAConfigureActivePassive…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Firewall XG210 lost connection with central

    Mina Moheb
    Mina Moheb
    Hello, I have to device XG 210 with HA and registered both in sophos central but now i have notification for lost connection for along time { sophos xg Last seen 9 hours ago }
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Who is the "hauser" user?

    Jaroslav Faldik
    Jaroslav Faldik
    Hello, Who is the "hauser" user in Sophos XG firewall in HA active-passive mode? The user connects from passive to active unit via SSH.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG-HA-Cluster: License on Master after failover - can the former auxilary stay primary?

    TobiasGroene
    TobiasGroene
    Hi, I've recently read that, there is an issue with licensing after failover. Could you help me here? We have a XG-125 Active-Passive Cluster (V19.1 Firmware) and currently the former auxilary is "primary". The former "primary" holds the licenses…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Conflict in roles in HA

    Angelo Orlando1
    Angelo Orlando1
    Currently we are suffering a conflict of roles between 2 firewall XG330 in HA ACTIVE-PASSIVE: both think they are the primary. LAN MASTER. 192.168.100.16/23 PORT1 cisco gi1/1. PORT 6 USED FOR HA DIRECT CABLE to AUXILIARY LAN AUXILIARY. 192.168.101…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HA WITH VPN SITE TO SITE

    support support18
    support support18
    Hi , I want to know if the VPN site to site is supported on HA in Active - Passive mode , cause i noticed whenever auxilary is in control , the VPN goes down . Is it a nomal behaviour or i should create a tciket ?
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Connection of two FW in a HA Cluster

    IT BLD
    IT BLD
    Hello Community, it's quite easy to connect two Firewalls to have a HA Cluster. But the next step is to connect every port of both Firewalls to the corresponding network. It's still quite easy to connect e.g. both LAN and DMZ ports to the LAN and…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Lite-Touch provisioning HA-Cluster

    soph-f
    soph-f
    Has anyone ever successfully managed to lite-touch provision an active-passive HA-pair using Sophos Central? Central says „ To add firewalls in an HA pair, enter both serial numbers (primary firewall first) separated by a comma. “ but adding two serial…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Integration with Azure Stack-Hub

    Kranthi
    Kranthi
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents What is Azure Stack Hub? Network infrastructure…
    • over 4 years ago
    • Sophos Firewall
    • Recommended Reads
  • DMZ in HA active/passive Mode

    MMASLOUH
    MMASLOUH
    Hello, Im trying to implement HA active-passive and i want to know what is the purpose of DMZ between the active/passive firewall, and if it's mandatory or i can ignore it. Thank you.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Implement a full HA (inbound/outbound) on Azure

    DominicRemigio
    DominicRemigio
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This article describes how to implement a full Active…
    • over 4 years ago
    • Sophos Firewall
    • Recommended Reads
  • High Availability - Dedicated Link Loss ( no split-brain )

    Stefan Hüning
    Stefan Hüning
    Hi, im just having a quick question. Our two XG450 are splitted between two datacenters. The dedicated HA Link is connected via Fibre. All other links are connected to the switches inside the datacenter. Sadly one of the SFP died last week, but the…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • invvalid tcp state and HA failed in active-active setup with LAG in LAN side

    Manohar Kumawat
    Manohar Kumawat
    Hi, We have sophos xgs4500 and 19.0.1 MR1 firmware. we configured LAG in LAN side with 2 interface. We have setup both firewall as active-active. After this setup, we are getting invalid tcp state log and some website stopped working. Later on HA…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to avoid a double reboot when doing a Sophos XG Firmware upgrade?

    Moltron5k
    Moltron5k
    Hi - I have 2 550 firewalls in HA and at one point years ago I think I uploaded a .sig firmware file and did the upgrade that way which ended up rebooting both firewalls at once. Since then I just wait till there's a popup window saying there's an update…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HA in XG Home "Load Balancing status: Not applicable"

    Wadood
    Wadood
    Hey all, I am deploying two XGs Home license in HA mode (active-active), the setup is successful and HA status in the webadmin is : " Established (Active-Active)" But I noticed when I checked the ha details in the console the Load Balancing status…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HA cluster problem

    kerobra
    kerobra
    Hi, we have a HA cluster that is in standalone/faulty state. The faulty device (standby) is still reachable through SSH over the HA link but as far as I can see it has the same IP configured on the LAN interface and so I cannot reach it through the…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS136 HA: HA status is not displayed properly after failover

    Hongbo Xia
    Hongbo Xia
    We moved two XGS136s from IDC1 to IDC2, the network configuration is the same, but after the firewall is turned on, we send the HA status display abnormal, as shown in the following figure: In addition: Manually triggering HA failover has also happened…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Bridge Interfaces for HA Full Mesh Connected XGS Firewall

    yelankoud
    yelankoud
    Hello Sophos Community, we have to Layers of Firewalling 2 FortiGates installed in HA AP, and 2 Sophos XGS 3300 installed in AH AP. We want to connect the Two Layers of Firewalls directly using Full Mesh Connected Topology (The figure in the attachement…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HA monitored Interface + VLANs

    ThomasWeiss
    ThomasWeiss
    Hello everyone, I realized that in HA config of a XGS it's only possible to add a interface to the list of monitored Interfaces if it has a zone and an IP assined to it natively. Here is my example: So if I want to add Port 4 to the list of monitored…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Changing IP

    MAL
    MAL
    Hello, I am reaching out to the community as I am struggling to find any documentation/pointers on where to go. I am sure this forum has a number of experts who will be able to help. We are currently in the process of implementing VLANs and in…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG210 HA ver. 18.5.x to 19.0. migration

    Giorgio Premoli1
    Giorgio Premoli1
    Dear all, a customer of mine has 2 XG210 in HA mode (Active/Passive) that are running with the firmware version 18.5. I have to upgrade the HA to the version 19.0 and I'd like to know if I can upgrade/migrate the firmware without un-mounting the HA…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
<>