Wireless Protection - impact of UTM failure

Hi,

I'm currently planning a WLAN project for a customer. He wants to replace all cabling with wireless stuff.

We currently plan to use several Sophos APs (6 x AP15 and 12 x AP30 together with a UTM 120).

The customer now asks if he needs high availability for the UTM appliance. 
So the question is what will happen if the UTM has a hard/software failure?
Does the WLAN from the APs still work? (meaning can local workstations still communicate internally?)
Of course Guest-Access/Vouchers from Sophos will not work. But my guess is that internal LAN communication (in the same Subnet) will still work. Is that correct?

Another question is how many APs can be connected to a UTM120?


  • I don't think this will work. Sophos APs pull their config from the UTM, so if there is no UTM they won't get a config...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • Thanks for your reply. Sure, if UTM is down the device won't receive a config. But if the device is initially configured it has a config it could be working? (of course if the AP reboots the config is lost).

    What if the UTM is updated and reboots? Is then the WLAN completely down?
  • The WLAN will not be available if the UTM is not up and running.  This includes reboots, outages, etc.  The best insurance against such a scenario is to run the UTM in HA mode with a backup unit -- the HA license is included for free with any subscription purchase.  Switchover time for HA is under 10 seconds in most cases.  The only additional cost to run an active/passive HA configuration is the purchase of the 2nd appliance; the HA licensing is included as part of the subscription(s) purchased for the primary unit.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.