XG310 19 HA Active Active & RED tunnel failover

Hello Dardan Selimi,

Thank you for reaching out to the community, 

• An active-active HA cluster does not load-balance VPN sessions, UDP, ICMP, multicast and broadcast sessions, scanned FTP traffic, and traffic coming through wireless RED devices and access points. TCP traffic for the user portal, web admin console or telnet console, and H.323 traffic sessions are also not load-balanced between the cluster devices. Control traffic for all modules isn't load-balanced.
  
  
• An active-active HA cluster will load-balance normal forwarded TCP traffic, including NAT (both SNAT & virtual host) forwarded TCP traffic. This includes TCP traffic passing through a proxy subsystem such as transparent proxy, direct proxy, parent proxy, and VLAN traffic.
• HTTPS connection load-balancing is supported.

Hello Vivek,

Thanks for your reply.

Perhaps, I was not very clear but I was not talking about traffic load-balancing.

I wanted to know why VPN RED tunnel was not re-activated on the Auxiliary after failover (Primary goes down scenario) in my deployment.

Thanks ans regards,

Dardan.

Thank you Dardan Selimi for the update, during that time did you check the syslog.log and red.log ?

On the client side, there is no errors:

Wed Jul 13 20:42:30 2022Z REDD INFO: server: Configuration uploader process starting

Wed Jul 13 20:42:30 2022Z REDD INFO: server: (Re-)loading device configurations

Wed Jul 13 20:42:40 2022Z REDD INFO: client: (Re-)loading device configurations

Reading REDv2 key from STDIN:

Reading REDv2 key from STDIN:

< I disabled then re-enabled the RED interface >

Wed Jul 13 20:47:31 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

Wed Jul 13 20:52:32 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

Wed Jul 13 20:57:33 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

On the server side, no errors...

All our FWs run the latest firmwares. However, we do not use RED unified firmware.

Thanks for your help.

On the client side, there is no errors:

Wed Jul 13 20:42:30 2022Z REDD INFO: server: Configuration uploader process starting

Wed Jul 13 20:42:30 2022Z REDD INFO: server: (Re-)loading device configurations

Wed Jul 13 20:42:40 2022Z REDD INFO: client: (Re-)loading device configurations

Reading REDv2 key from STDIN:

Reading REDv2 key from STDIN:

< I disabled then re-enabled the RED interface >

Wed Jul 13 20:47:31 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

Wed Jul 13 20:52:32 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

Wed Jul 13 20:57:33 2022Z REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0

On the server side, no errors...

All our FWs run the latest firmwares. However, we do not use RED unified firmware.

Thanks for your help.

Hi Dardan Selimi 

have you configured static routes for RED site to site ?

Regards

Hi Bharat J,

Thanks for your reply.

Yes, all routes are configured.

Regards,

Dardan.

Hi Dardan Selimi 

Thanks for your update.

I would like to suggest you configure dynamic routing instead of a static route so that you don't have to update the static route manually. 

Try to go through the below link to configure OSPF feature available on SophosXG you can also configure BGP or RIP if you want 

https://support.sophos.com/support/s/article/KB-000036328?language=en_US

Thanks and Regards