XG310 19 HA Active Active & RED tunnel failover

Hey folks,

I have 2 XG 310 in an active-active HA. When failover occurs (Primary goes down), the RED tunnel goes down and there is no failover for the RED tunnel. I need to disable and re-enable the RED tunnel...

Is it the correct behavior in an HA deployment?

Thanks in advance.

Dardan.



This thread was automatically locked due to age.
  • Hello,

    Thank you for reaching out to the community.

    • An active-active HA cluster does not load-balance VPN sessions, UDP, ICMP, multicast and broadcast sessions, scanned FTP traffic, and traffic coming through wireless RED devices and access points. TCP traffic for the user portal, web admin console or telnet console, and H.323 traffic sessions are also not load-balanced between the cluster devices. Control traffic for all modules isn't load-balanced.

    • An active-active HA cluster will load-balance normal forwarded TCP traffic, including NAT (both SNAT & virtual host) forwarded TCP traffic. This includes TCP traffic passing through a proxy subsystem such as transparent proxy, direct proxy, parent proxy, and VLAN traffic.
    • HTTPS connection load-balancing is supported.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello Vivek,

    Thanks for your reply.

    Perhaps I was not very clear, but I was not talking about traffic load-balancing.

    I wanted to know why the VPN RED tunnel was not re-activated on the Auxiliary after failover (Primary goes down scenario) in my deployment.

    Thanks and regards,

    Dardan.

  • Thank you for the update. During that time, did you check syslog.log and red.log?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • On the client side, there are no errors:

    Wed Jul 13 20:42:30 2022Z REDD INFO: server: Configuration uploader process starting

    Wed Jul 13 20:42:30 2022Z REDD INFO: server: (Re-)loading device configurations

    Wed Jul 13 20:42:40 2022Z REDD INFO: client: (Re-)loading device configurations

    Reading REDv2 key from STDIN:

    Reading REDv2 key from STDIN:

    < I disabled then re-enabled the RED interface >

    Wed Jul 13 20:47:31 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

    Wed Jul 13 20:52:32 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

    Wed Jul 13 20:57:33 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

    On the server side, no errors...

    All our FWs run the latest firmware. However, we do not use RED unified firmware.

    Thanks for your help.
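
Added example, not part of the original post and not Sophos tooling: a Python check over REDD status lines in the format quoted above, flagging reports where an enabled RED is not connected and gaps in the periodic status report around a failover. The 6-minute gap threshold is an assumption inferred from the roughly 5-minute spacing of the quoted lines, and the sample input is constructed.

```python
import re
from datetime import datetime, timedelta

# Status-line layout copied from the red.log excerpt quoted in the post above.
STATUS = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})Z REDD INFO: Red devices: "
    r"Connected: (?P<conn>\d+) Disconnected:? (?P<disc>\d+) "
    r"Enabled: (?P<en>\d+) Disabled: (?P<dis>\d+)"
)

def parse_status(lines):
    """Return (timestamp, connected, disconnected, enabled) per status line."""
    rows = []
    for line in lines:
        m = STATUS.match(line.strip())
        if m:  # other REDD messages (config reloads etc.) are skipped
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            rows.append((ts, int(m["conn"]), int(m["disc"]), int(m["en"])))
    return rows

def find_problems(lines, max_gap=timedelta(minutes=6)):
    """Flag enabled-but-unconnected REDs and gaps between status reports.

    max_gap is an assumption: the quoted status lines are about 5 minutes apart.
    """
    problems, prev = [], None
    for ts, conn, disc, en in parse_status(lines):
        if prev is not None and ts - prev > max_gap:
            problems.append(("gap", ts, ts - prev))
        if disc > 0 or conn < en:
            problems.append(("down", ts, max(disc, en - conn)))
        prev = ts
    return problems

# Constructed sample (not from the thread): one report with the RED down,
# then no status report until well after the assumed interval.
SAMPLE = """\
Wed Jul 13 20:32:29 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0
Wed Jul 13 20:37:30 2022Z REDD INFO: Red devices: Connected: 0 Disconnected 1 Enabled: 1 Disabled: 0
Wed Jul 13 20:42:30 2022Z REDD INFO: server: (Re-)loading device configurations
Wed Jul 13 20:52:32 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0
""".splitlines()

if __name__ == "__main__":
    for kind, ts, detail in find_problems(SAMPLE):
        print(kind, ts.isoformat(), detail)
```

Run against red.log on both HA nodes, the "gap" entries mark the window in which no status was reported, which is the period to compare with the failover time in syslog.log.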

  • Hi Dardan Selimi 

    Have you configured static routes for RED site-to-site?

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".


  • Hi Bharat J,

    Thanks for your reply.

    Yes, all routes are configured.

    Regards,

    Dardan.

  • Hi Dardan Selimi 

    Thanks for your update.

    I would like to suggest you configure dynamic routing instead of a static route so that you don't have to update the static route manually.

    Try going through the link below to configure the OSPF feature available on Sophos XG; you can also configure BGP or RIP if you want.

    https://support.sophos.com/support/s/article/KB-000036328?language=en_US

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".
