This discussion has been locked.

Sophos HA over Two Datacenter

Hi, I'm thinking about a colocation for our company with SAN replication over dark fiber (L2). So my question is whether it's possible to have a Sophos HA (Active/Passive) across two datacenters, so that if Datacenter 1 is down, the Sophos in Datacenter 2 switches to master and I can run all VMs in Datacenter 2, and all remote offices also connect automatically to this firewall.

One of the WANs is located in Datacenter 2 and the other in Datacenter 1. The network would be completely transparent (Layer 2 connection between both datacenters).

The only problem I see is that the heartbeat of the Sophos FW also has to go over the dark fiber, and if the connection between the datacenters is down, both firewalls are in master mode and can accept VPN, SMTP…

Thanks



  • Hi Tobias,

    Could the Sophos be a single virtual appliance that fails over with the rest of the VMs?

    We have a customer with sites a few km apart linked by fibre, with a Sophos UTM9 appliance at each in an HA configuration. There are redundant L2 paths between the two sites, but there is no quorum/witness in Sophos HA, so there is always the danger of split brain. It is rarely a problem, although I don't know the particulars of your configuration. If Sophos is doing SMTP filtering then I guess some email could be lost when they come back together and fight over which one is master.

    Are you running BGP over your WAN links?

    James
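
The split-brain risk discussed above, as an added example that is not part of the original thread and is not Sophos code: a generic two-node active/passive model that enumerates site and interconnect failures and reports which nodes claim master. The node names, the `witness` flag and the witness rule (a third site reached over paths independent of the dark fiber) are assumptions made for illustration.

```python
from itertools import product

def masters(dc1_up, dc2_up, link_up, witness):
    """Return the set of nodes that claim the master role.

    Node A (Datacenter 1) is the configured master, node B (Datacenter 2)
    the standby. `link_up` is the inter-site link carrying the heartbeat.
    """
    claims = set()
    if dc1_up:
        claims.add("A")  # A keeps the master role while its site is up
    if dc2_up:
        if witness:
            # Assumed witness rule: B may promote only when the witness,
            # reached over an independent path, cannot see A either.
            a_seen_by_witness = dc1_up
            if not a_seen_by_witness:
                claims.add("B")
        else:
            # No witness: B has only the heartbeat, so a dead link and a
            # dead peer look identical and both trigger promotion.
            heartbeat_ok = dc1_up and link_up
            if not heartbeat_ok:
                claims.add("B")
    return claims

def split_brain_scenarios(witness):
    """All (dc1_up, dc2_up, link_up) combinations with more than one master."""
    return [s for s in product([True, False], repeat=3)
            if len(masters(*s, witness=witness)) > 1]

if __name__ == "__main__":
    for w in (False, True):
        print("witness" if w else "no witness", "->", split_brain_scenarios(w))
```

In this model the only dual-master case is both sites up with the interconnect down, which is the scenario raised in the question; failover to Datacenter 2 still works in both variants.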
