Dear community
Today we had a problem with two XG 135 firewalls. The two firewalls where configured to run in a active-passive HA cluster.
A little while back the passive unit went to a faulty state.
We asked our customer try restarting the faulty…
Hello all,
is it possible to enable the Sophos Central Management on the auxiliary device in a HA via CLI? Due an HA problem I must rebuild the cluster and the 2nd node has not Central Management enabled. At the moment I don't want to make a fail over…
Good morning,
I have two clusters of XGS 2100 in HA (Active-Passive) running with the firmware version 19.5.0 GA-Build197. As per object, I am not able to set the preferred primary device on both the clusters. The error message is always the same: …
Hi,
I would like to remove an interface of a LAG (HA AP Setup with 2 Nodes, XG310 (SFOS 19.5.0 ). I removed port8, clicked save, then the XG rebooted and the 2nd node became active. There the interface was still present. A renewed reboot back to node…
Hellow I am following this configuration for failover:
https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/Gateways/RoutingConfigureGatewayBalancing/index.html
I want to be sure if there is…
Hello:
I currently have an XG 210 and I am about to setup another one (same model) for High Availabilty. I had a couple of questions:
The current XG has a higher firmware version that the new XG. How do I upgrade the second onw to the same version…
After update to 19.5 the "invalid traffic" increases massive. It only shows when HA is up.
When i shut down one node, the "invalid traffic" disappeared. I see this issue on two customers.
Both had HA with 19.0MR1 and a update to 19.5GA.
Dissolving…
I have two sopos XG firewall sync with high availability. Now I want to upgrade their firmware. Now do the two firewalls have to upgrade the firmware separately? Or if the primary device is upgraded, the secondary device will automatically upgrade.
Interested in what other people have done with network switch configurations when using Sophos HA.
Documentation on their website covers the Sophos configuration, but doesn't really talk about what to do on the switch side of things, although it does…
Hello,
I have what is hopefully a simple question. My org wants to set up a remote office with redundant firewalls and ISP's to keep connectivity if one firewall fails or one ISP goes down. A colleague of mine told me that at a previous company, they…
Hi everybody,
We're experiencing a strange issue on a Sophos XGS 3300 SFOS 19.1 HA enabled.
The IT manager from the company who owns the firewall deleted the fw from their Central tenant as the log email said the device wasn't checking in since…
For the second time now we face an issue that we cannot login to XG with SSH. Either as admin or with the ssh keys we entered in WebAdmin.
XG430 (SFOS 19.0.1 MR-1-Build365)
This was first noticed when we upgraded from 18.5.4 to the current version…
We have a setup with 2 x XG230 configured with HA active / passive with PPPoE on PortA2. Primary Sophos PortA2 connects to ISP Primary router and Aux Sophos PortA2 connects to ISP Aux Router. Port A2 is set as monitored interface. ISP Primary router has…
Hi,
I have two nodes with HA going, and on primary node, I disconnect Wan port cable and hope HA will failover to my 2nd node, but it does not.
1. when I disconnect Wan cable, I do see interface on node showing red, meaning it had detected Wan…
Let me brief the topology, we have two WAN uplinks connected to a active -passive HA.
The issue is after initialization of HA one of the uplink status goes to RED.we are unable to use the 2nd ISP as a load balance
Designing the solution for redundant internet for a HA firewall.
The architecture I have in mind is:
Is this design complete or should I add additional items?
---
John
Hi Community and Sophos Guys.
As the title describes, I have to upgrade a Active / Passive Cluster SFOS V18.5.2 to V19.5 in a Production Environment.
This Production Environment uses XGS2100 as hardware, and have a maximum of 24h hours for a downtime…
I recently upgraded and moved XG 3300 into a full fledge production mode and after upgrading it to 19.01 MR1 i am seeing issues related to stability of the cluster. The main issue is after the Auxiliary device joins the cluster it stays as Auxiliary for…
Did set up an Active Passive cluster today.
Named my second FW TEAHOMEFW02.
When I log-in to the primary device the following is shown
However when I login from the auxiliary device it shows the same. This will make it more difficult to see on…
This is my last discussion of the week...promise! Everybody has been so helpful this week; I really appreciate it!
Long story short: when setup as active/passive and the auxiliary takes over, does it take the IP of the primary? The reason I ask is we…
Hi all,
we have on our WAN interface an additional IP address (Alias ). For this IP are 2 DNS Hostnames registered. On firewall runs a Reverse Proxy on the Alias IP. We did not see any issues when the users access Hostname1. Some users reports, that…
Hi all,
today I made an manual failover to the auxiliary device. On the auxiliary device the XFRM interfaces began to flapping. On both tunnel ends I had many interface up and down events (ervery few seconds). The IPSec Tunnel itself seems to be stable…
Hi everyone,
i've this problem, when i try to upgrade the firmware from 19.0.1 to 19.5.0 manually with signature file on XGS136 the firewall cluster start to flot from
primary - auxiliary to standalone - fault...
This happens only if one of the…
Hi there
We're trying to set up a High availability environment (active-passive) using this documentation: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/HAConfiguration/HAQuickHAConfigureActivePassive…
Hello,
I have to device XG 210 with HA and registered both in sophos central but now i have notification for lost connection for along time
{ sophos xg Last seen 9 hours ago }