Sophos sg-230 UTM 9 HA(Active-Passive) Licensing and Setup

Hi Panox X13,

if you have configured the master node correctly you do not need to configure the second appliance.

You just have to connect the devices by the HA port (default eth3). The rest goes automaticlly when you power on the second appliance.

You have configured the second device so you have to make an factory reset to make sure there are no errors.

But before making an factory reset bring the second device on the same firmware version as the master node.

If the normal up2date process does not work just reimage the appliance via cd/usb with the sophos image(Faster then loading the updates to the appliance and factory reset included) or check the up2date logs to look up why no updates are loaded.

Best Regards
DKKDG

Hi,

please note that HA only work between SG230 with the same hardware revision.
Rev. 1 will nor work with rev. 2

Regards

Thomas

How I can see the hardware version of two sg230?

Hi,

check the serial Numer of your UTM on this webpage community.sophos.com/.../118143 or on the system label of your UTM to find the hardware rev.

To reimaging the UTM download the iso www.sophos.com/.../utm-downloads.aspx and use www.fastvue.co/.../  to creat a usb drive.

HA sync has no downtime you can enable it during work hours.
The slave UTM should have the same software version as the master UTM
The UTM with the longer uptime automatically becomes the master during setup.

Regards Thomas

Hi,

check the serial Numer of your UTM on this webpage community.sophos.com/.../118143 or on the system label of your UTM to find the hardware rev.

To reimaging the UTM download the iso www.sophos.com/.../utm-downloads.aspx and use www.fastvue.co/.../  to creat a usb drive.

HA sync has no downtime you can enable it during work hours.
The slave UTM should have the same software version as the master UTM
The UTM with the longer uptime automatically becomes the master during setup.

Regards Thomas

Thank you so much,

I will try it and I will post

Hello again,

finally I updated my new sophos to the same firmware as the master node has. I was a bit afraid to reimage the sg230 so I look to troubleshoot the up2date proceess.

As I found the problem was with the disk space, there where too many updates and the sophos couldn't store all of them. So I updated it manually.

Right now on the sophos that is my main firewall (Master Node) I have configured in the HA menu

 Hot-Standby(active-passive)

I have fill the Device Name with a name(Node1), the Node id  with 1, the encryption key and I have checked enable automatic configuration of new devices and finally in the Preferred Master I select Node1.

So now, if I have understood right  I have to factory reset the sophos sg230 (the node that I want for slave) then to connect the eth3 interface of my two sophos and power up the machine that I want to be the slave?

If I reset to factory default the firmware updates that I installed will not be lost?

Also the cable should be cross or straight?

Hi Panox X13,

the firmware updates are not lost when doing a factory reset only the configuration will be lost.

Cable should be no problem whether straight or crossed.

Best Regards
DKKDG

I would like to thank you for helping me everything went fine

hi guys

I recently began to study the way for avoid fail over situation, and yours post help me alot , but i have only one question remaining;

can i set up 2 diferents server (Not Sophos aplliance) and i mean diferent harware like HA (Active-Passive) ?

the firmware version its the same and also the number of ethernet nics, and all the config i have in the one i whant it like master is also in the one going to be slave

is this way to work possible ?

thanks in advance