WiFi Hotspot on RED VLAN possible, but...

This topic was discussed here but I found a way to make it work.
However, this solution causes something else very important to stop working.
The following problem originally existed.

Based on Sophos SFOS 18.5.1 MR-1-Build326
When creating a new hotspot (Wireless / Hotspots / Add), only interfaces directly connected to the firewall can be selected.
Interfaces that sit behind a RED cannot be selected. To make this possible, it is necessary to create a bridge, described in KB-000035548 (support.sophos.com/.../KB-000035548).
Here, the local hotspot / guest interface and the RED interface should be selected as members. Please do not forget to define DHCP.
This bridge can then be selected as an interface for a hotspot.

The whole thing works as intended and desired.

But now comes the but. If you also use an HA cluster, the problems arise. The cluster fails in an HA failover.
The cluster members are not reachable for a period of 5-10 minutes; after the new "primary" member firewall is reachable, it's in failsafe mode. Only a complete turn off and on again causes the member firewall to work normally.
This means that an automatic HA function is no longer possible. Previous analysis suggests that the NAT rule for the created hotspot causes this problem.

Does anyone have similar experiences or even a solution?



  • What type of RED is this? 50 or 60?

    Any chance to test this with 18.0 MR6? Thinking of NC-70783, which is only fixed in MR6, not in 18.5.x. An issue we had with a RED60 in Bridge mode. And your issues "The cluster fails in an HA failover. The cluster members are not reachable for a period of 5-10 minutes; after the new "primary" member firewall is reachable, it's in failsafe mode. Only a complete turn off and on again causes the member firewall to work normally." sound well known to me. Is it possible that the issue starts with the click on the save button in the RED config?

  • Hello LHerzog,

    NC-70783 is for an issue when saving the RED configuration and it only affects the GUI, not internet connectivity.

    Regards,
