I have been using Astaro/Sophos UTM for over 12 years now. The one thing that confused me was the one step not discuss regarding HA. There is no information/direction about creation of the 'Slave' node. Directions always begins with a n existing UTM to enable as a Node2 'Slave'. Have watched YT, read FastVue, different forums, etc and it seems the Node2 was always built.
By the way all my experience has been with the Software Appliance UTM's running on old servers.
My first time creating a HA 'Slave' node was to spin up server with a bootable ISO like any UTM install. Questions began with type of install to do, what license to use after the install, etc. Call Sophos and they sent me a 90-day license. Bringing up my first HA, the sync actually went the wrong direction wiping out the 'Production' UTM. Assume that the 'Slave' had been up longer than the 'Master' node. Now always reboot the Node2 'Slave' before patching the cables.
Since this happen, have been always rebooting the Node2 'Slave' before patching the cables, use eth3 for syncing NIC and uses 'Auto-Config' on Node2.
We had a weird event a month ago, where there was a HA roll over and got a call on Saturday that some computers where not connecting to network. Found that DHCP service was running on the 'Slave' node but DHCP on 'Master' was not responding to any DHCP requests. Tried resetting DHCP services and reboots but did not resolve the situation. Fix problem by disabling HA Operation mode to 'Off so all services are running on Node1 which was 'Master' and reset Node2 to default. This UTM has the Full' option license.
This week went back to enable HA, browsed Node2 WebAdmin and was prompt that license has expired. The previous time had used Node1 license key.
So what gives? Thought the 'Slave' node did not require a license when in 'Active-Passive' mode.
What is the proper steps for creating the 'Slave' Node2?
Bob G.
This thread was automatically locked due to age.