What happens when HA and the main WAN interface get broken simultaneously

The HA link is meant to be a direct cable, it definitely should have its own port and not be on a VLAN, I'm guessing you are using a separate port but want the firewalls to be physically remote from each other?

The HA link is meant to be a direct cable, it definitely should have its own port and not be on a VLAN, I'm guessing you are using a separate port but want the firewalls to be physically remote from each other?

Currently both XGs are in one room and the HA link is a direct connection. We plan to separate the firewalls and locate them in 2 different rooms. Due to the fact, that there is only fiber-cabling between this rooms, a direct HA link isn't possible. That's why I am thinking about the above described solution and the behavior in case of the failure of the "main" WAN switch (left one).

Another idea would be Fiber-Converters in-between, but I really don't like such converters. ;)

Pretty much all the new models have SFP ports built in and most of the older ones, 210 up I think, can have SFP ports added.  Wouldn't that be the better route?

We are using 2 XG135 Rev. 2.

I think, SFP is no option for that model, isn't it?

You may well be right, we use the 4xx, 3xx and 2xx models and they have always had SFP options.  I see the rev3 135 has an SFP port and you can install more in the option slot.  

The point is, if you split the appliances but leave a single point of failure open, it delays the issue to another point but can cause other problems.

You can use a explicit VLAN for this traffic. But if this line fails, but appliances will go in Master/Primary mode. 

This can cause a huge issue in your network.

https://community.sophos.com/kb/en-us/123174