Hi all, today I made an manual failover to the auxiliary device. On the auxiliary device the XFRM interfaces began to flapping. On both tunnel ends I had many interface up and down events (ervery few seconds). The IPSec Tunnel itself seems to be stable…

Hi everyone, i've this problem, when i try to upgrade the firmware from 19.0.1 to 19.5.0 manually with signature file on XGS136 the firewall cluster start to flot from primary - auxiliary to standalone - fault... This happens only if one of the…

Hi there We're trying to set up a High availability environment (active-passive) using this documentation: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/HAConfiguration/HAQuickHAConfigureActivePassive…

Hello, Who is the "hauser" user in Sophos XG firewall in HA active-passive mode? The user connects from passive to active unit via SSH.

Hi, I've recently read that, there is an issue with licensing after failover. Could you help me here? We have a XG-125 Active-Passive Cluster (V19.1 Firmware) and currently the former auxilary is "primary". The former "primary" holds the licenses…

Currently we are suffering a conflict of roles between 2 firewall XG330 in HA ACTIVE-PASSIVE: both think they are the primary. LAN MASTER. 192.168.100.16/23 PORT1 cisco gi1/1. PORT 6 USED FOR HA DIRECT CABLE to AUXILIARY LAN AUXILIARY. 192.168.101…

Hi , I want to know if the VPN site to site is supported on HA in Active - Passive mode , cause i noticed whenever auxilary is in control , the VPN goes down . Is it a nomal behaviour or i should create a tciket ?

Hello Community, it's quite easy to connect two Firewalls to have a HA Cluster. But the next step is to connect every port of both Firewalls to the corresponding network. It's still quite easy to connect e.g. both LAN and DMZ ports to the LAN and…

Hello, Im trying to implement HA active-passive and i want to know what is the purpose of DMZ between the active/passive firewall, and if it's mandatory or i can ignore it. Thank you.

Hi, im just having a quick question. Our two XG450 are splitted between two datacenters. The dedicated HA Link is connected via Fibre. All other links are connected to the switches inside the datacenter. Sadly one of the SFP died last week, but the…

Hi, We have sophos xgs4500 and 19.0.1 MR1 firmware. we configured LAG in LAN side with 2 interface. We have setup both firewall as active-active. After this setup, we are getting invalid tcp state log and some website stopped working. Later on HA…

Hi - I have 2 550 firewalls in HA and at one point years ago I think I uploaded a .sig firmware file and did the upgrade that way which ended up rebooting both firewalls at once. Since then I just wait till there's a popup window saying there's an update…

We moved two XGS136s from IDC1 to IDC2, the network configuration is the same, but after the firewall is turned on, we send the HA status display abnormal, as shown in the following figure： In addition: Manually triggering HA failover has also happened…

Hi, we have a HA cluster that is in standalone/faulty state. The faulty device (standby) is still reachable through SSH over the HA link but as far as I can see it has the same IP configured on the LAN interface and so I cannot reach it through the…

Hello Sophos Community, we have to Layers of Firewalling 2 FortiGates installed in HA AP, and 2 Sophos XGS 3300 installed in AH AP. We want to connect the Two Layers of Firewalls directly using Full Mesh Connected Topology (The figure in the attachement…

Hello everyone, I realized that in HA config of a XGS it's only possible to add a interface to the list of monitored Interfaces if it has a zone and an IP assined to it natively. Here is my example: So if I want to add Port 4 to the list of monitored…

Dear all, a customer of mine has 2 XG210 in HA mode (Active/Passive) that are running with the firmware version 18.5. I have to upgrade the HA to the version 19.0 and I'd like to know if I can upgrade/migrate the firmware without un-mounting the HA…

Hello Sophos and Community, this topic seems to be an problem for a long time and i have tried to figure out how but i just seems, that there is no way. We are using the Sophos XG Web API which is for at least some part documented ( https://docs…

Hey folks, I have 2 XG 310 in an active-active HA. When failover occurs (Primary goes down), the RED tunnel goes down and there is no failover for the RED tunnel. I need to disable and re-enable the RED tunnel... Is it the correct behavior in…

Hi all, i'm going to configure HA Active-passive, i'm reading many topics, but are not more detailed i need to know these: ( On auxiliary device) 1- What is the ip address to set on Port 1 (lan) on auxiliary device.Is't the same one on the primary…

I have a client who has purchased 4 XGS devices and wishes to have a pair located at main site and a pair located at backup site. Can I configure all 4 devices in one cluster and have a 1Gb heartbeat link across to the other site and still have high availability…

Today we were alerted by CheckMK about some port errors on one of our 18.5 MR3 HA Clusters. The issue happened on the dedicated HA Port Port10 on which both machines are connected with 1m CAT6 cable. Of course, we could change the cable. But I'd…

Hi.. After changing from XG to XGS, portmgmt seems to have changed from its predecessor. When the HA configuration is synchronized, is the mgmt port setting synchronized? I would like to know if it is possible to use mgmtport to enable access to secondary…

Hello! As i mentioned in the title i unplugged the optical modem from our XG HA (Port1 is monitored in HA) and then the 2 XG's are rebooted simultaneously, why? Why does it need to reboot when a link fails? Is this normal behavior? Thank you

Hello, this morning the still active node of one of our XG 210 cluster (latest firmware) crashed. It was not possible to administrate this firewall via https, ssh and panel. We needed to remove the power plug in order to get it running again. After…