Currently we are suffering a conflict of roles between 2 firewall XG330 in HA ACTIVE-PASSIVE: both think they are the primary.
LAN MASTER. 192.168.100.16/23 PORT1 cisco gi1/1. PORT 6 USED FOR HA DIRECT CABLE to AUXILIARY
LAN AUXILIARY. 192.168.101…
Hi , I want to know if the VPN site to site is supported on HA in Active - Passive mode , cause i noticed whenever auxilary is in control , the VPN goes down . Is it a nomal behaviour or i should create a tciket ?
Hello Community,
it's quite easy to connect two Firewalls to have a HA Cluster.
But the next step is to connect every port of both Firewalls to the corresponding network. It's still quite easy to connect e.g. both LAN and DMZ ports to the LAN and…
Has anyone ever successfully managed to lite-touch provision an active-passive HA-pair using Sophos Central?
Central says „ To add firewalls in an HA pair, enter both serial numbers (primary firewall first) separated by a comma. “ but adding two serial…
Hello,
Im trying to implement HA active-passive and i want to know what is the purpose of DMZ between the active/passive firewall, and if it's mandatory or i can ignore it.
Thank you.
Hi,
im just having a quick question. Our two XG450 are splitted between two datacenters. The dedicated HA Link is connected via Fibre. All other links are connected to the switches inside the datacenter. Sadly one of the SFP died last week, but the…
Hi,
We have sophos xgs4500 and 19.0.1 MR1 firmware. we configured LAG in LAN side with 2 interface. We have setup both firewall as active-active. After this setup, we are getting invalid tcp state log and some website stopped working. Later on HA…
Hi - I have 2 550 firewalls in HA and at one point years ago I think I uploaded a .sig firmware file and did the upgrade that way which ended up rebooting both firewalls at once. Since then I just wait till there's a popup window saying there's an update…
We moved two XGS136s from IDC1 to IDC2, the network configuration is the same, but after the firewall is turned on, we send the HA status display abnormal, as shown in the following figure:
In addition: Manually triggering HA failover has also happened…
Hi,
we have a HA cluster that is in standalone/faulty state. The faulty device (standby) is still reachable through SSH over the HA link but as far as I can see it has the same IP configured on the LAN interface and so I cannot reach it through the…
Hello Sophos Community,
we have to Layers of Firewalling 2 FortiGates installed in HA AP, and 2 Sophos XGS 3300 installed in AH AP.
We want to connect the Two Layers of Firewalls directly using Full Mesh Connected Topology (The figure in the attachement…
Hello everyone,
I realized that in HA config of a XGS it's only possible to add a interface to the list of monitored Interfaces if it has a zone and an IP assined to it natively. Here is my example:
So if I want to add Port 4 to the list of monitored…
Hello,
I am reaching out to the community as I am struggling to find any documentation/pointers on where to go. I am sure this forum has a number of experts who will be able to help.
We are currently in the process of implementing VLANs and in…
Dear all,
a customer of mine has 2 XG210 in HA mode (Active/Passive) that are running with the firmware version 18.5. I have to upgrade the HA to the version 19.0 and I'd like to know if I can upgrade/migrate the firmware without un-mounting the HA…
Hello Sophos and Community,
this topic seems to be an problem for a long time and i have tried to figure out how but i just seems, that there is no way.
We are using the Sophos XG Web API which is for at least some part documented ( https://docs…
Hey folks,
I have 2 XG 310 in an active-active HA. When failover occurs (Primary goes down), the RED tunnel goes down and there is no failover for the RED tunnel. I need to disable and re-enable the RED tunnel...
Is it the correct behavior in…
Hi all,
i'm going to configure HA Active-passive, i'm reading many topics, but are not more detailed
i need to know these: ( On auxiliary device)
1- What is the ip address to set on Port 1 (lan) on auxiliary device.Is't the same one on the primary…
Hi,
I've recently setup a HA active/passive pair of virtual XG firewalls running in VMware, with a branch office setup with a RED tunnel to the HA pair.
Every time we trigger failover between the HA firewalls (ie rebooting or when I upgraded the firmware…
Hi,
we have 3 HA Active/Passive Clusters with XGS136.
They all have Port10 as dedicated HA Port and are linked with 1m patch cables of good quality.
All 6 nodes show dropped packets and some also show port errors on Port10 for RX only.
Some of…
I have a client who has purchased 4 XGS devices and wishes to have a pair located at main site and a pair located at backup site. Can I configure all 4 devices in one cluster and have a 1Gb heartbeat link across to the other site and still have high availability…
good, we have in our infrastructure 2 FW xg 550 I HA active-passive, and we want to connect them to 2 cisco cores, with the maximum number of 10 Gb fiber optic ports to the two switches.
In the old documentation LAG indicated that a maximum of 4 ports…
Today we were alerted by CheckMK about some port errors on one of our 18.5 MR3 HA Clusters.
The issue happened on the dedicated HA Port Port10 on which both machines are connected with 1m CAT6 cable.
Of course, we could change the cable.
But I'd…
Howdy!
My company is moving our XG firewalls from one data center to another. The move requires configuration changes of various sorts (e.g., WAN port IP address). The firewalls are currently running in HA Active-Passive mode. I'll call the active device…
Hi..
After changing from XG to XGS, portmgmt seems to have changed from its predecessor. When the HA configuration is synchronized, is the mgmt port setting synchronized?
I would like to know if it is possible to use mgmtport to enable access to secondary…