
Unable to join 2nd node of HA to Sophos Central

Hello Community,

I have an active-passive setup with two XGS 2300 (SFOS 18.5.2). HA is working. Both boxes are connected to the internet and LAN, and the HA link is also established. The firewalls have 3 WAN uplinks, but currently only one is connected.

Now I want to manage the firewalls with Sophos Central. I joined the first box without any problems. When I try to join the 2nd box, I get this message in WebAdmin: "The operation timed out, please try again later"

In the "centralmanagement.log" I see these entries (the S/N is my joined primary device):

2021-12-17 09:46:38Z INFO central-connect[25468]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/X2300XXXXXXXXXX/sshTunnel Timezone: Europe/Berlin
2021-12-17 09:46:38Z INFO central-connect[25468]:271 main:: - got response of poll for SSO. Status: disconnected backupExpected:

In the "sophos-central.log" I have no entries while trying to join.

It changes nothing if I disable the 2 unused WAN uplinks.

Does anybody have an idea?

Thanks, Ben



  • I have deactivated the HA and recreated it. I was then able to register both firewalls in Sophos Central. 

    Now when I want to move the firewalls to a group I get the error message: "One or more HA Firewalls are not in an acceptable state. Please wait until HA has been established and then try to move them to the group."

    The firewall console itself also shows me the healthy state of the firewalls:

    If a post solves your question please use the 'Verify Answer' button.

  • Essentially I would always recommend joining Central after the HA is built. Then wait some minutes before adding the HA to the group. If this concept does not work, then try to rejoin Central. Feel free to try out the OTP join.


  • I had built the HA and registered both firewalls (from the primary device) to Sophos Central and accepted the firewall in Central. Everything looked good, but I couldn't move the firewall to a group until I switched to the aux device. After the switch I saw in Central that the aux device was waiting to be accepted. Lastly, I accepted the 2nd device, and I was able to move the complete HA to a group. Done.
