This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos sg-230 UTM 9 HA(Active-Passive) Licensing and Setup

Hello,

I would like to create an HA Active-Passive between 2 Sophos Sg-230.

Right now I have only one sophos SG-230 with network Protection Licence, Also its firmware is 9.600-5

I bought a second SG-230 and I want to configure it as a Slave on the HA

I follow the above instructions of the above link

https://techbast.com/2015/04/configuring-high-availability-ha-on-sophos-utm.html

And I have configured only the Master node.

So right now I have to configure the Slave node and I'm confused.

What I should select in the HA menu of the second node? I have the options auto-configuration and active-passive ha ?

I'm afraid if I connect the second node it will be become as a master and my old sophos lose its configuration.

Also the new sophos I haven't install any licence I thought the licence of the Master Node will be transferred when the HA will finish syncing.

Also the new sophos has an older firmware 9.311 I tried to update it with Up2Date but nothing is happening, in the dashboard it finds that updates should be installed but when I click on it in the Up2Date page it shows that sophos is up to date.

So I was wondering if I select in the high availability in menu Hot-Standby(active-passive)

and I fill the Device Name with a name, the Node id  with 2, the encryption key with the key that I gave in node1 and I check enable automatic configuration of new devices and finally connect them with a cross cable, 

I will be fine? The node 2 will be the slave of the HA and then it will sync configuration licence and firmware from the master?

or I have to do something else?



This thread was automatically locked due to age.
Parents Reply Children
  • Thank you so much,

    I will try it and I will post

  • Hello again,

    finally I updated my new sophos to the same firmware as the master node has. I was a bit afraid to reimage the sg230 so I look to troubleshoot the up2date proceess.

    As I found the problem was with the disk space, there where too many updates and the sophos couldn't store all of them. So I updated it manually.

    Right now on the sophos that is my main firewall (Master Node) I have configured in the HA menu

     Hot-Standby(active-passive)

    I have fill the Device Name with a name(Node1), the Node id  with 1, the encryption key and I have checked enable automatic configuration of new devices and finally in the Preferred Master I select Node1.

    So now, if I have understood right  I have to factory reset the sophos sg230 (the node that I want for slave) then to connect the eth3 interface of my two sophos and power up the machine that I want to be the slave?

    If I reset to factory default the firmware updates that I installed will not be lost?

    Also the cable should be cross or straight?

  • Hi Panox X13,

    the firmware updates are not lost when doing a factory reset only the configuration will be lost.

    Cable should be no problem whether straight or crossed.

    Best Regards
    DKKDG

  • I would like to thank you for helping me everything went fine

  • hi guys

    I recently began to study the way for avoid fail over situation, and yours post help me alot , but i have only one question remaining;

     

    can i set up 2 diferents server (Not Sophos aplliance) and i mean diferent harware like HA (Active-Passive) ?

     

    the firmware version its the same and also the number of ethernet nics, and all the config i have in the one i whant it like master is also in the one going to be slave

    is this way to work possible ?

     

    thanks in advance