
HA fail - Passive node not accessible and HA not working

Hi All.

Was checking firewall prior to firmware upgrade and discovered my HA pair is operating properly. Ran into some more issues and am hoping you guys will be able to help me unpick it all.

When I go to System Services>High Availability:

1. The "Serial Number" has a red "Standalone" next to it

2. The "Peer Serial Number" has a red "Faulty" next to it

I've looked through section #7 in this very useful help doc: https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/79041/troubleshooting-guide-for-xg

and can't see any issues.

WAN is not DHCP or PPPoE

Can't get to passive device to check whether HA is disabled or not

DMZ_HA port has been created and SSH is enabled

I'm not using a crossover cable, I'm using a normal CAT5 cable to link the 2 devices together but that is OK from what I have read

I've run show details for HA on the console of the Active unit and it looks like this

But I can't ping 192.168.50.6

I've run out of places to look to find an error.

 

Thanks

Jon



  • I should also add that the network ports that the firewall is plugged into show as up and connected on the GUI for the switch

     

    Knocked up a diagram of the current switch/firewall:

  • Anyone at the location able to see what's displayed on the LCD panel or hook up a USB or serial console cable to a server/PC terminal you can access to check what's being logged on the faulty XG?

    Any ping on the 10.1.1.x dedicated IPs? If there is ping, is there SSH?

    Anything useful in /log/msync.log or /log/ctsyncd.log?

    What is the output of ethtool Port# for the HA port?  Example good result for an active port:

    XG330_WP02_SFOS 17.5.0 GA# ethtool Port8
    Settings for Port8:
            Supported ports: [ TP ]
            Supported link modes:   10baseT/Half 10baseT/Full
                                    100baseT/Half 100baseT/Full
                                    1000baseT/Full
            Supported pause frame use: Symmetric
            Supports auto-negotiation: Yes
            Advertised link modes:  10baseT/Half 10baseT/Full
                                    100baseT/Half 100baseT/Full
                                    1000baseT/Full
            Advertised pause frame use: Symmetric
            Advertised auto-negotiation: Yes
            Speed: 1000Mb/s
            Duplex: Full
            Port: Twisted Pair
            PHYAD: 1
            Transceiver: internal
            Auto-negotiation: on
            MDI-X: off (auto)
            Supports Wake-on: pumbg
            Wake-on: g
            Current message level: 0x00000007 (7)
                                   drv probe link
            Link detected: yes
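
One way to automate the `ethtool` comparison suggested in the reply above, as an added example that is not part of the original thread: it parses `ethtool` output in the format quoted there and reports link-level problems on the HA port. The sample outputs are constructed, and the function names and the three checks are assumptions of this example.

```python
import re

# Constructed sample: trimmed output in the shape of the healthy port quoted above.
GOOD = """Settings for Port8:
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Speed: 1000Mb/s
        Duplex: Full
        Link detected: yes
"""

# Constructed sample: a port with no link partner (values are assumptions).
DOWN = """Settings for Port8:
        Speed: Unknown!
        Duplex: Unknown! (255)
        Link detected: no
"""

def parse_ethtool(text):
    """Return {field: value}; wrapped lines are joined onto the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][\w\- ]*?):\s*(.*)$", line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last and line.strip():
            fields[last] += " " + line.strip()
    return fields

def link_problems(text):
    """List the link-level faults visible in one ethtool report."""
    f = parse_ethtool(text)
    problems = []
    if f.get("Link detected") != "yes":
        problems.append("no link detected")
    speed = re.match(r"(\d+)Mb/s", f.get("Speed", ""))
    modes = f.get("Advertised link modes", "")
    advertised = [int(n) for n in re.findall(r"(\d+)baseT", modes)]
    if not speed:
        problems.append("speed unknown")
    elif advertised and int(speed.group(1)) < max(advertised):
        # A marginal cable often negotiates below the best advertised mode.
        problems.append("negotiated %sMb/s below advertised %dMb/s"
                        % (speed.group(1), max(advertised)))
    if not f.get("Duplex", "").startswith("Full"):
        problems.append("duplex not full")
    return problems
```

An empty list for the dedicated HA port on the active unit means the physical link is up at full speed, which points the investigation back at the peer's HA state and the logs rather than the cable.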