This is my last discussion of the week...promise! Everybody has been so helpful this week; I really appreciate it!
Long story short: when setup as active/passive and the auxiliary takes over, does it take the IP of the primary? The reason I ask is we…
Hi all,
we have on our WAN interface an additional IP address (Alias ). For this IP are 2 DNS Hostnames registered. On firewall runs a Reverse Proxy on the Alias IP. We did not see any issues when the users access Hostname1. Some users reports, that…
Hi all,
today I made an manual failover to the auxiliary device. On the auxiliary device the XFRM interfaces began to flapping. On both tunnel ends I had many interface up and down events (ervery few seconds). The IPSec Tunnel itself seems to be stable…
Hi everyone,
i've this problem, when i try to upgrade the firmware from 19.0.1 to 19.5.0 manually with signature file on XGS136 the firewall cluster start to flot from
primary - auxiliary to standalone - fault...
This happens only if one of the…
Hi there
We're trying to set up a High availability environment (active-passive) using this documentation: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/HAConfiguration/HAQuickHAConfigureActivePassive…
Hello,
I have to device XG 210 with HA and registered both in sophos central but now i have notification for lost connection for along time
{ sophos xg Last seen 9 hours ago }
Hi,
I've recently read that, there is an issue with licensing after failover. Could you help me here?
We have a XG-125 Active-Passive Cluster (V19.1 Firmware) and currently the former auxilary is "primary". The former "primary" holds the licenses…
Currently we are suffering a conflict of roles between 2 firewall XG330 in HA ACTIVE-PASSIVE: both think they are the primary.
LAN MASTER. 192.168.100.16/23 PORT1 cisco gi1/1. PORT 6 USED FOR HA DIRECT CABLE to AUXILIARY
LAN AUXILIARY. 192.168.101…
Hi , I want to know if the VPN site to site is supported on HA in Active - Passive mode , cause i noticed whenever auxilary is in control , the VPN goes down . Is it a nomal behaviour or i should create a tciket ?
Hello Community,
it's quite easy to connect two Firewalls to have a HA Cluster.
But the next step is to connect every port of both Firewalls to the corresponding network. It's still quite easy to connect e.g. both LAN and DMZ ports to the LAN and…
Has anyone ever successfully managed to lite-touch provision an active-passive HA-pair using Sophos Central?
Central says „ To add firewalls in an HA pair, enter both serial numbers (primary firewall first) separated by a comma. “ but adding two serial…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
What is Azure Stack Hub?
Network infrastructure…
Hello,
Im trying to implement HA active-passive and i want to know what is the purpose of DMZ between the active/passive firewall, and if it's mandatory or i can ignore it.
Thank you.
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This article describes how to implement a full Active…
Hi,
im just having a quick question. Our two XG450 are splitted between two datacenters. The dedicated HA Link is connected via Fibre. All other links are connected to the switches inside the datacenter. Sadly one of the SFP died last week, but the…
Hi,
We have sophos xgs4500 and 19.0.1 MR1 firmware. we configured LAG in LAN side with 2 interface. We have setup both firewall as active-active. After this setup, we are getting invalid tcp state log and some website stopped working. Later on HA…
Hi - I have 2 550 firewalls in HA and at one point years ago I think I uploaded a .sig firmware file and did the upgrade that way which ended up rebooting both firewalls at once. Since then I just wait till there's a popup window saying there's an update…
Hey all,
I am deploying two XGs Home license in HA mode (active-active), the setup is successful and HA status in the webadmin is : " Established (Active-Active)"
But I noticed when I checked the ha details in the console the Load Balancing status…
Hi,
we have a HA cluster that is in standalone/faulty state. The faulty device (standby) is still reachable through SSH over the HA link but as far as I can see it has the same IP configured on the LAN interface and so I cannot reach it through the…
We moved two XGS136s from IDC1 to IDC2, the network configuration is the same, but after the firewall is turned on, we send the HA status display abnormal, as shown in the following figure:
In addition: Manually triggering HA failover has also happened…
Hello Sophos Community,
we have to Layers of Firewalling 2 FortiGates installed in HA AP, and 2 Sophos XGS 3300 installed in AH AP.
We want to connect the Two Layers of Firewalls directly using Full Mesh Connected Topology (The figure in the attachement…
Hello everyone,
I realized that in HA config of a XGS it's only possible to add a interface to the list of monitored Interfaces if it has a zone and an IP assined to it natively. Here is my example:
So if I want to add Port 4 to the list of monitored…
Hello,
I am reaching out to the community as I am struggling to find any documentation/pointers on where to go. I am sure this forum has a number of experts who will be able to help.
We are currently in the process of implementing VLANs and in…
Dear all,
a customer of mine has 2 XG210 in HA mode (Active/Passive) that are running with the firmware version 18.5. I have to upgrade the HA to the version 19.0 and I'd like to know if I can upgrade/migrate the firmware without un-mounting the HA…