High availability with Sophos UTM was very easy: You need to plug in an ethernet cable at the “HA” labeled port between both devices, that’s all. At the XG, you need to configure it manually. I’m using two Sophos XG 125 Rev.3 devices. We will built HA between “Port8”. Actually the new Sophos devices are very nice:
at the first step you need to enable SSH (under “Device Access”) for the DMZ zone. The HA port will be configured in the DMZ zone:
Configure an IP address which is not in use in your network. Choose “DMZ” as the network zone like this:
go on with the primary node and configure the peer parameters and choose and document a complex password for the HA data encryption
the slave device is getting 10.1.1.2/30 on DMZ Port 8 and this auxiliary device configuration:
your final configuration will look like this:
now you can connect both Port8 with a network cable:
after this, you will see a new log entry in the system log file:
HA status is also visible in the dashboard:
a “little” bit more complicated but easy after initial configuration 🙂 keep in mind that you connect all your different networks (LAN, DMZ, WAN [DSL, Cable, etc]) to both devices!
Have a nice sunny day!