
virtual MAC for WAN in HA

We have two UTM 220s in an active-passive configuration with two Internet connections.  The ISP for one of the Internet connections needs to know the MAC address that the cable modem is connected to in order to assign a static IP.  Is it advisable to use the same virtual MAC on both UTMs for that connection so that when the slave node of the HA takes over we don't have to call the ISP and register the modem with a new MAC?


  • I would expect that they already have the same MAC.  What do you get from:

    cc get ha advanced virtual_mac


    If it's 1, then I believe that means that both will have the same MAC.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I actually don't have HA running at the moment due to some issues we're having with our primary Internet connection.  I'll run that command when I have them running normally again. Thanks for the suggestion!
  • You are correct, Bob.  When I put the two UTMs in HA mode, it automatically created a virtual MAC for each interface.  I gave the virtual MAC to our ISP and they were able to use that to set our static IP.

    BTW, I wasn't able to run that command because I kept getting access denied while attempting to connect via SSH, but that's another issue for another day.
  • Hi,

     

    Same thing is happening to me. I have 2 XG 310 firewalls configured in HA. When they are in HA, I cannot connect to services when I'm outside our network. I have 2 WAN connections. One connects to Bell (using a modem/router) and the other one is connected to our parent company (using a switch). I know the firewalls use 'virtual MAC address' for each WAN interface when they are in HA. Do I have to tell Bell that 'this is our virtual MAC address and please set our IP related to this'? On the second WAN which is facing a switch, is there a way to change the MAC address of the port?

    Thank you in advance.

    Ariel

  • Hi Ariel and welcome to the UTM Community!

    Yes, the virtual MAC is the one that's visible to the ISP, not the hard-coded one assigned by the manufacturer to the NIC.

    Each NIC can have a virtual MAC.  Edit the NIC on the 'Hardware' tab of 'Interfaces & Routing >> Interfaces'.

    Cheers - Bob

     