
What happens when HA and the main WAN interface get broken simultaneously

I plan to add an LTE router to our 2nd server room. Therefore I planned the network as follows:

The WAN switch should work with VLANs.
To make the VLANs more obvious, I used the following colors:

Brown = VDSL (over PPPoE)
Green = LTE (only used when the DSL connection is broken)
Red = Sophos HA link
Black = LAN

The "Sophos XG" are in active-passive HA config.

 

And now back to the question:
What happens when the left XG is the current active one and the left "WAN Switch" also gets broken?
Will HA work, or will HA not work due to the fact that the HA link is also on the same (broken) switch?

My hope is that XG HA failover will work as expected and the LTE router becomes the gateway for internet traffic.



  • The HA link is meant to be a direct cable; it definitely should have its own port and not be on a VLAN. I'm guessing you are using a separate port but want the firewalls to be physically remote from each other?

  • Currently both XGs are in one room and the HA link is a direct connection. We plan to separate the firewalls and locate them in 2 different rooms. Due to the fact that there is only fiber cabling between these rooms, a direct HA link isn't possible. That's why I am thinking about the above-described solution and the behavior in case of the failure of the "main" WAN switch (left one).

    Another idea would be fiber converters in between, but I really don't like such converters. ;)

  • Pretty much all the new models have SFP ports built in, and most of the older ones, 210 up I think, can have SFP ports added. Wouldn't that be the better route?
