Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 6 subscribers
  • Views 14601 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active/standby & Active/standby cluster?

Louis-M

We have 2 central sites with 30mb internet connections. We are thinking of deploying a active/standby configuration at each site (2x SG310 at each site) and then clustering the two sites together which are directly connected via a 100mb link.

Would the above be a good setup? Or are there gotcha's to watch out for?



This thread was automatically locked due to age.
  • 0

    What do you mean by "clustering the two sites together" - what benefit are you hoping to achieve?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Basically, we want to load balance our outgoing connections. The more I'm reading about it though makes it not a straight forward as it seems.

    My understanding of Sophos is that in a cluster, everything goes through the master which in turn offloads it to other slave nodes?
    To me this means that all outgoing traffic would have to hit the master which in turn would load balance it from there eg offload approx half to the other site and sent approximately the remaining half out through itself.

    I'm not sure this is what we want and the way to do it might be to look at routing protocols before they hit the Sophos so the incoming to both Sophos is sort of balanced before it hits them. In this scenario, we wouldn't cluster the Sophos but use each one as active/standby at each site (SITE A has active/standby with 30mb internet & SITE B has active/standby with 30mb internet)

  • 0 in reply to Louis-M

    If I were to tell you that it is not possible to cluster two sites, would that change your question or be the answer that you had not hoped for?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Not even with a dedicated 100mb connection between both sites?

    That being said, I'm not sure it's what we want as I don't really want all traffic coming into one site to be balanced with another. I'd rather the network takes care of this and the Sophos just take care of what's chucked at them.

  • 0 in reply to Louis-M

    Although it doesn't make sense to cluster the two sites, it's still possible to use the dedicated line as the failover for a site if its primary WAN connection is down.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I'm not sure how even that would work.

    Site A = 10.1.1.0/24
    Site B = 10.1.100.0/24

    Both connected via a 100mb link. Both have internet connections.

    Now if traffic was going to Site A (with Site B as failover), how would the traffic get to Site B if Site A UTM completely failed? I think it might only work if the wan at Site A went down.

    This is why we're thinking of an active/failover at each site so hardware failure wouldn't come into it. I do however want traffic going to both sites to get out to the internet so I'm leaning towards OSPF at the moment.

  • 0 in reply to Louis-M

    This is straightforward using Uplink Balancing and Multipath rules.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    You've lost me there. Please could  you explain further?

Unfiltered HTML