Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 2682 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA doesnt work in any conditions

Stefano Sorrentino

Hi All,

i´m new in this Sophos world, and i have problems with the HA between two Brand new XG135.

There is no way to initiate the HA....any suggestions?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Emmanuel,

    both the device are registered and the licenses are all acrive on the Primary device (btw it will be active-passive ha config)

    today i´ve update also both the firewalls to the last firmware available,

  • 0 in reply to Stefano Sorrentino

    Hello Stefano,

    Thank you for the follow-up!

    Do you have access to the other XG? The one that will be Passive?

    Can you also take a screenshot of the interfaces?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    it´s automatic with the Quick Mode, istn´t it? i cannot choose nothing The firewall overwrite the Port config.

    i have a local default access on the 172.16.16.16:4444 i didn´t charge the config from the other firewall, or need i?

  • 0 in reply to Stefano Sorrentino

    XG has something called "Peer Administration IP". This IP is used to access the second node all the time. 

    See Online Help: 

    Quick HA assigns the Peer administration port based on the interface you are currently using to access XG Firewall WebAdmin. For example, if you are connected to PortA, this interface becomes the Peer administration port on both XG Firewall devices.
    (There will be added a tip later to indicate the following: )
    Be aware, you have different IP addresses, in case you access the Quick Mode. As XG tries to build the HA; it will also try to use the current webadmin IP for the Peer Administration iP. 
    So if you have 172.16.16.16 on both appliances, it will generally speaking not work. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I´m Lost.....is more complicated as "Quick"......
    i have to recap, sorry.......
    i have two firewalls one is Primary in production environment with the network interfaces like the image above......I connect normally to this one using the VLAN 30 on the port 2, and is where i started the Primary Quick HA.
    the other is without config. so i started the Auxiliary Quick HA from the port 1 and the address 172.16.16.16:4444
    both are connected by a 7.5m straight cable on port 7.

    so to make all these thing works, if i am not wrong, i have to go to the Primary, port 1, take the 172.16.16.17 or something else in the same network, but not the 16 already configured on the auxiliary....and start from there, locally ,as done on the auxiliary, the Quick HA on the port 7? is that correct?

  • +1 in reply to Stefano Sorrentino

    Peer Administration IP is a way to access and manage the other appliance. If you stop a HA, the aux will loose all interfaces BUT the peer adminstration. So you are still able to access the aux remotely. 

    Both appliance cannot have the same IP as a peer administration. That means, you cannot access the webadmin on both appliances via Port7 and have the same IP on it (172.16.16.16). 

    Workaround would be: Give AUX .17 or give primary .17 and create the HA.

    Your approach is somehow different from the "basic doing" but a valid case.

    Most customers give the AUX a IP in there Network and patch it into the network. Accessing the aux via the new IP and rebuild the HA. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    i cannot believe it....

    is the "Not Available" status normal?

    incredible, after 2 days at phone with the Reseller and 1 invoice for support payed without any solution, now seems to work...........wow....

  • 0 in reply to Stefano Sorrentino

    Is there an update on this status? 

    __________________________________________________________________________________________________________________

  • 0 in reply to Stefano Sorrentino

    At least the HA is there. 
    Faulty means, the AUX has some issues. 
    Did you connect the HA appliance as the primary? Same links etc? If not, it will remain in status faulty until you do. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    After several minutes and a couple of restarts and a couple of down of the Gateway......seems to be stable:

    yehhaaaaa

Reply Children
No Data
Unfiltered HTML