
HA doesn't work in any conditions

Hi All,

I'm new in this Sophos world, and I have problems with the HA between two brand new XG135.

There is no way to initiate the HA....any suggestions?



This thread was automatically locked due to age.
  • Hello Stefano,

    Thank you for contacting the Sophos Community!

    Most likely the issue is because the appliance is set in Bridge Mode.

    https://support.sophos.com/support/s/article/KB-000035744?language=en_US

    * HA is supported in Bridge interface when you configure Bridge from GUI interface page. However, if you run the wizard on Bridge mode after configuring HA, HA will be disabled.

    Could you please take a screenshot of your interfaces?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • here we are,

    thank you Emmanuel for the fast reply!

  • Hello Stefano,

    Thank you for the follow-up!

    Could you please confirm if both devices are registered and what are the details of the license in this device?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello Emmanuel,

    Both devices are registered and the licenses are all active on the Primary device (btw it will be an active-passive HA config).

    Today I've also updated both firewalls to the latest firmware available.

  • Which port did you use to enable the QuickMode? 

    Make sure, both Ports have different IPs. 


  • Hello Stefano,

    Thank you for the follow-up!

    Do you have access to the other XG? The one that will be Passive?

    Can you also take a screenshot of the interfaces?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • It's automatic with the Quick Mode, isn't it? I cannot choose anything; the firewall overwrites the port config.

    I have local default access on 172.16.16.16:4444. I didn't load the config from the other firewall, or do I need to?

  • XG has something called "Peer Administration IP". This IP is used to access the second node all the time. 

    See Online Help: 

    Quick HA assigns the Peer administration port based on the interface you are currently using to access XG Firewall WebAdmin. For example, if you are connected to PortA, this interface becomes the Peer administration port on both XG Firewall devices.
    (A tip will be added later to indicate the following:)
    Be aware, you have different IP addresses, in case you access the Quick Mode. As XG tries to build the HA, it will also try to use the current webadmin IP for the Peer Administration IP.
    So if you have 172.16.16.16 on both appliances, it will generally speaking not work. 


  • I'm lost... it is more complicated than "Quick"...
    I have to recap, sorry...
    I have two firewalls. One is the Primary, in the production environment, with the network interfaces like the image above. I normally connect to this one using VLAN 30 on port 2, and that is where I started the Primary Quick HA.
    The other is without config, so I started the Auxiliary Quick HA from port 1 and the address 172.16.16.16:4444.
    Both are connected by a 7.5m straight cable on port 7.

    So to make all these things work, if I am not wrong, I have to go to the Primary, port 1, take 172.16.16.17 or something else in the same network, but not the .16 already configured on the auxiliary... and start from there, locally, as done on the auxiliary, the Quick HA on port 7? Is that correct?

  • Peer Administration IP is a way to access and manage the other appliance. If you stop a HA, the aux will lose all interfaces BUT the peer administration. So you are still able to access the aux remotely. 

    Both appliances cannot have the same IP as a peer administration. That means you cannot access the webadmin on both appliances via Port7 and have the same IP on it (172.16.16.16). 

    Workaround would be: Give AUX .17 or give primary .17 and create the HA.

    Your approach is somehow different from the "basic doing" but a valid case.

    Most customers give the AUX an IP in their network and patch it into the network. Accessing the aux via the new IP and rebuild the HA. 
