Sophos XG "Server Load Balancing" for Terminalserver

Hello dear community,

I would like to bring the old SG function into XG.

I am using a virtual host (10.10.10.10) which should be accessed by terminal server users with the DNS "hq.ts".
This all happens on the internal company network.

The balancer checks if the real servers (10.10.10.20 + 10.10.10.21) are active. The user should receive only one active IP.

But I can't find any instruction or function that corresponds to this behavior.




This thread was automatically locked due to age.
  • XG does not have availability groups. You can resolve this in your own DNS server and simply point the DNS record to two individual IPs. It should work fine.

  • The XG does not have this, it does not have that ...

    But promise that all functions are present.

    Do LE yourself
    NTP must be built in a NAT
    and now I still need my own DNS?

  • SFOS comes with a lot of features not included in any way in UTM. So there are some features not included in SFOS, with investment going instead into other areas of improvement. Therefore you cannot expect a 1:1 coverage of features.

    Just some features in SFOS: User based firewalling. Synchronized Security and all features attached to it. Central Integration and all features attached to this (CFR, XDR etc.). DPI Engine and TLS1.3 decryption. XGS Hardware platform with own chips. Just to name a few. 

  • Well, that doesn't help me if I first have to puzzle out some familiar basics and create my own services.

    Not even complex features are taken out, all the missing building blocks mentioned are odds and ends.

    Perhaps this is also due to the wrong advice from the sales / dealer. It is already enormously annoying when I have to cancel the 2nd migration and take the SG up again.

  • Why are you talking about "Taken out"? Sounds like it was there and got removed. It was never in the platform to begin with. And Sophos is focusing on security features like DPI, Central management and other parts right now. 

    Load balancing as a feature is kinda interesting, as most of those features are either resolved on the protocol level or need a complete revamp on the SD-WAN level, which is currently the next step.

    Load balancing is most likely not a job of a firewall to begin with. It's the job of a load balancer, or the application brings something to the table. For example RDP: a firewall never knows how much load is generated on the server. It can only try to figure out how many sessions are open to a server and open another session to server2. But real load balancing is done on a TS level. See: https://turbofuture.com/computers/How-to-Setup-Remote-Desktop-Connection-Broker-for-Windows-2016

    Why not use this in the first place? Simply use the tools of Microsoft and use the load balancing instead.

    I know there are plenty of configurations done in the past like this kind of load balancing. But in the end, it works only in a limited way due to the implementation.

    And if I understand your screenshot correctly, it looks like those farms are at different locations. Therefore a solution like SD-WAN would be good, which uses true load balancing between those sites. Something more enhanced to begin with, which uses jitter or current load on the IPsec link to maintain a stable link.