virtual MAC for WAN in HA

We have two UTM 220s in an active-passive configuration with two Internet connections.  The ISP for one of the Internet connections needs to know the MAC address that the cable modem is connected to in order to assign a static IP.  Is it advisable to use the same virtual MAC on both UTMs for that connection so that when the slave node of the HA takes over we don't have to call the ISP and register the modem with a new MAC?


  • You are correct, Bob.  When I put the two UTMs in HA mode, it automatically created a virtual MAC for each interface.  I gave the virtual MAC to our ISP and they were able to use that to set our static IP.

    BTW, I wasn't able to run that command because I kept getting access denied while attempting to connect via SSH, but that's another issue for another day.
  • Hi,

    Same thing is happening to me. I have 2 XG 310 firewalls configured in HA. When they are in HA, I cannot connect to services when I'm outside our network. I have 2 WAN connections. One connects to Bell (using a modem/router) and the other one is connected to our parent company (using a switch). I know the firewalls use 'virtual MAC address' for each WAN interface when they are in HA. Do I have to tell Bell that 'this is our virtual MAC address and please set our IP related to this'? On the second WAN which is facing a switch, is there a way to change the MAC address of the port?

    Thank you in advance.

    Ariel

  • Hi Ariel and welcome to the UTM Community!

    Yes, the virtual MAC is the one that's visible to the ISP, not the hard-coded one assigned by the manufacturer to the NIC.

    Each NIC can have a virtual MAC.  Edit the NIC on the 'Hardware' tab of 'Interfaces & Routing >> Interfaces'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA