High availability with Sophos UTM was very easy: you only needed to plug an Ethernet cable into the port labeled “HA” on both devices, that’s all. On the XG, you need to configure it manually. I’m using two Sophos XG 125 Rev.3 devices. We will build HA over “Port8”. Actually, the new Sophos devices are very nice:
As the first step, you need to enable SSH (under “Device Access”) for the DMZ zone. The HA port will be configured in the DMZ zone:
Configure an IP address which is not in use in your network. Choose “DMZ” as the network zone like this:
Go on with the primary node: configure the peer parameters, then choose and document a complex password for the HA data encryption.
The slave device gets 10.1.1.2/30 on DMZ Port 8 and this auxiliary device configuration:
Your final configuration will look like this:
Now you can connect Port8 on both devices with a network cable:
After this, you will see a new log entry in the system log file:
HA status is also visible in the dashboard:
A “little” bit more complicated, but easy after the initial configuration :-) Keep in mind that you must connect all your different networks (LAN, DMZ, WAN [DSL, cable, etc.]) to both devices!
Have a nice sunny day!
4 Responses
Michel, I am not able to locate any official documentation or comment from Sophos on this, but it is my understanding that Synchronized Security does not currently work (under XG v17.x) in cluster / HA mode. I work for a Sophos partner in the South Eastern United States. Apparently they are working on this, but thought you would be interested to know this.
Hi Scott,
it is hard to imagine that this won’t work. Maybe they have a specific problem, did they open a support case at the distributor or at Sophos directly?
Michel, we did not learn of this through support channels. Our Sophos Sales Engineer informed us of this via general discussions of the XG platform.
Hi Scott,
I asked a Sophos support guy and he didn’t know of any problems with this.