STAS Collectors - Best Practice?

Hi M8ey 

STAS fault tolerance

You can install STAS collectors on multiple AD servers for redundancy purpose, if the primary collector goes down, Sophos XG Firewall gathers the information from one of the other backup collectors. Sophos XG Firewall allows creating groups of collectors for fault tolerance. A maximum of 5 collectors can be added to a single collector group. When multiple STAS collectors are added to a single collector group, one of these will act as a primary, while the others will be reserved for backup. Collector preference is processed in order from top to bottom.

In the example below,  the active collector for testlab.com (Collector Group 1) would be 192.168.1.10, while 192.168.1.185 would serve as a backup should the active collector go offline. Additional domains or sub-domains should be added as an additional collector group. For example, the controller for the subdomain remote.testlab.com, 192.168.2.20 would be added as a standalone collector for Collector Group 2.

Reference community thread:

https://community.sophos.com/products/xg-firewall/f/authentication/83938/multiple-stas-collectors

Hope this helps!

Keyur said:

would serve as a backup should the active collector go offline

So in my case I am probably better to create 1 collector group and add my 3 DCs to it so I get full failover.

Keyur said:

would serve as a backup should the active collector go offline

So in my case I am probably better to create 1 collector group and add my 3 DCs to it so I get full failover.

Hi M8ey ,

Also once you add all of them in single collector group please add the collector entry under agent tab vice versa.

With your AD IPs 192.168.1.2 must have the collector entry of 1.27 and 100.9 and vice versa for all of three.



Reason : This way all 3 have sync of all event logs with each other and any one which is getting served by XG will able to replicate the user in live user.

Thanks guys :-)