This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA interface address behavior

We currently have a single SG310, which we want to extend towards an active/passive HA setup. We recently obtained a second SG310 (same revision). The documentation explains how to set up the HA pair, but does not explain in detail the behavior of the UTMs once they are in HA mode.

Will both UTMs still have their own individual IP addresses (for WebAdmin etc.)?

Will  the secondary UTM be a complete, inactive replica of the primary UTM? Or will the secondary UTM's WebAdmin interface still be accessible as an individual device?

I.e., if utm01 is 172.22.1.1 and utm02 is 172.22.1.2 before HA setup: Once the devices get integrated into an active/passive pair, will utm02 still be accessible via 172.22.1.2 or will it only be indirectly accessible through utm01's HA settings?



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Once you configure HA Active/Passive, the only active unit can be accessed via WebAdmin. You can't access secondary UTM via WebAdmin. It is possible to SSH into the secondary UTM through primary UTM. 

    The secondary unit will have the complete configuration that is on the master unit. 

    For more information, please check out the High Availability section of the following document: Sophos UTM Administration Guide.

    Thanks,

  • Hallo,

    Here are the instructions I provide to my clients:

    1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
    2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
    3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
       a. Enable Hot-Standby
       b. Select eth3 as the Sync NIC
       c. Configure it as Node_1
       d. Enter an encryption key (I've never found a need to remember it)
       e. Select 'Enable automatic configuration of new devices'
       f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
    4. Cable eth3 to eth3 on the new device.
    5. Cable all of the other NICs exactly as they are on the original UTM.
    6. Power up the new device and wait for the good news. [;)]

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA