This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Redundant uplink > same ip address > uplink balancing vs LAG

hello all

we are installing a new uplink next week we have 2 x sophos utm sg 330 in a HA active/passive setup

previously we had 1 uplink router, so 1 cable into each sophos utm 330 but will now receive 2 routers in a master slave set up using cisco HSRP, short for Hot Standby Router Protocol

what this means is if the first router goes down , the second one takes over with the same configuration , same ip address etc is it possible to add the interfaces on the backup router using additional ports on the sophos utm AND giving them the same interface IP address ?

i would then put the second uplink interface into the standby network in the uplink section , rather than as active

I have tried this on our spare sophos utm sg and it does allow you to specify the same IP address on the secondary interface

I asked sophos support if this would work and they are pointing me in the direction of LAG groups (funnily the next tab from uplink balancing)

So my question is does anyone have experience of something similar and what would you recommend ?

many thanks

This thread was automatically locked due to age.

Top Replies

neildonaldson over 3 years ago in reply to BAlfson +1

hello Bob thanks for the input, the only reason for trying to keep the same ip, was because of the SSL vpn connections and the IPSEC connections nell

Parents

0 BAlfson over 3 years ago

Hallo Neil,

My visual-tactile learning style can't "see" what you are suggesting, so I'm not sure I've understood what you're asking...

At my client sites with two UTMs in Hot Standby and two ISPs, we have a switch between the UTMs and the ISPs. The UTMs are cabled identically with a cable connecting them directly on eth3. No HSRP in use as all fail-over is handled by the UTM configuration. Uplink Balancing with Multipath rules is used to distribute the traffic over the two ISPs. No LAG is involved in this aspect of the configuration. Did that help?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 3 years ago

Hallo Neil,

My visual-tactile learning style can't "see" what you are suggesting, so I'm not sure I've understood what you're asking...

At my client sites with two UTMs in Hot Standby and two ISPs, we have a switch between the UTMs and the ISPs. The UTMs are cabled identically with a cable connecting them directly on eth3. No HSRP in use as all fail-over is handled by the UTM configuration. Uplink Balancing with Multipath rules is used to distribute the traffic over the two ISPs. No LAG is involved in this aspect of the configuration. Did that help?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data