I've deployed UTMs as load-balanced pairs myself without using the SOPHOS HA CFT, using application load balancers in front. Recently tested the CFT for HA; all in all it seems to work OK, however I noticed it's deploying the classic load balancer, which AWS constantly keeps telling us is deprecated (yes, there are probably over 100,000 of them out there). I used the application load balancer in front of our UTM 9s; while the ALB doesn't offer TCP support, you can get HTTPS health checks to work by using the user portal on port 9443. This then allows using a better load balancer. I'm likely going to hack the supplied CFT up a bit to rip out the classic and install the ALB; wondering if SOPHOS has already done this? I don't think using the classic makes sense any longer. Using the ALB also allows whitelisting, and the ALB is a much better load balancer than the old classic. I've seen the classic occasionally exhibit poor behavior, and not always recover well from downstream issues.
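As an added illustration of the approach the post describes (not from the Sophos CFT or the poster), here is a CloudFormation fragment for an ALB whose target group health-checks the UTM user portal over HTTPS on port 9443; the parameter names (VpcId, SubnetIds, AlbSecurityGroup, AlbCertificateArn, UtmInstanceA/B), the health check path and the accepted status-code range are assumptions to adjust for your deployment.

```yaml
# Added example, not Sophos' template: ALB in front of a UTM pair with an
# HTTPS health check against the user portal on 9443 (parameters are assumed).
Resources:
  UtmTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTPS
      Port: 443
      TargetType: instance
      HealthCheckProtocol: HTTPS
      HealthCheckPort: "9443"       # UTM user portal, as described in the post
      HealthCheckPath: /            # assumed; point at the portal's login page
      Matcher:
        HttpCode: "200-399"         # assumed; lets a portal redirect count as healthy
      HealthCheckIntervalSeconds: 15
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 3
      Targets:
        - Id: !Ref UtmInstanceA
        - Id: !Ref UtmInstanceB
  UtmAlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets: !Ref SubnetIds
      SecurityGroups:
        - !Ref AlbSecurityGroup     # restrict ingress here to the allowed source CIDRs
  UtmHttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref UtmAlb
      Protocol: HTTPS
      Port: 443
      Certificates:
        - CertificateArn: !Ref AlbCertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref UtmTargetGroup
```

Because the ALB only handles HTTP/HTTPS, any non-HTTP traffic the UTM pair must serve still needs a separate path; the security group on the ALB is where the source whitelisting the post mentions is enforced.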