This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Monitoring HA

Hello Sophos and Community,

this topic seems to be an problem for a long time and i have tried to figure out how but i just seems, that there is no way.

We are using the Sophos XG Web API which is for at least some part documented (https://docs.sophos.com/nsg/sophos-firewall/19.0/API/index.html).

We Deploy alot of system with HA and we see that seems to failing at some point without anyone noticing. This really is a common problem Sophos should fix!

Now we are trying to monitor, monitor an HA status and i don't understand why there is no way to do, if so.

We can get the HAConfiguration via the API with "HAConfigure" but does not contain any status.

For example, this is an output of a failed HA via API:

<Response APIVersion="1900.1" IPS_CAT_VER="0">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <HAConfigure transactionid="">
    <HA_Interactive>
      <Device>Active_Passive</Device>
      <PeerAdministrationList>
  <PeerConfiguration>
    <IPAddressV4>10.4.31.253</IPAddressV4>
    <IPAddressV6 />
    <Interface>Port1</Interface>
    <ReserveBridgePort />
  </PeerConfiguration>
</PeerAdministrationList>
      <ClusterID>0</ClusterID>
      <Passphrase
passwordform="encrypt">THISISSECRET
04</Passphrase>
      <DedicatedLink>Port4</DedicatedLink>
      <DedicatedLinkIPAddress>169.254.192.2</DedicatedLinkIPAddress>
      <KeepAlive_Interval>250</KeepAlive_Interval>
      <KeepAlive_Attempts>16</KeepAlive_Attempts>
      <HostMAC>Disable</HostMAC>
      <FallbackPrimaryDevice>Enable</FallbackPrimaryDevice>
    </HA_Interactive>
  </HAConfigure>
</Response>

And this is a screenshot from the Dashboard:

Seems good. Well but take a closer look and check the HA Status:

This does not look nice :) And knowbody knows, if not manually looking.

Did anyone get any kind of HA status from the XG. I tried monitoring the Interface, but it is just gone as via the api if you configure HA.

I have no idea left and this is something we really should monitor. We deploy HA systems and they just fail silently, that's a problem!

Thank your for any help. And Sophos. Please fix this.

This thread was automatically locked due to age.

Top Replies

Vishal_R over 2 years ago +1

Hi Michael Schneider Thank you for the detailed information. How about managing HA status alerts via SNMP? In SNMP we have HA state MIB and that will help you on your actual requirement of "Monitoring…

0 Bharat J over 2 years ago
Hi Michael Schneider

Thank you for reaching out to the community, please verify the logs for below command to identity the issue :

Connect to the Sophos Firewall console by using one of the following methods:

Connect by using a Secure Shell (SSH) such as PuTTY: Sophos Firewall: SSH to the firewall using PuTTY utility

Open the Console from Sophos Firewall's GUI by going to Admin > Console.

Sign in and select 5. Device Management > 3. Advanced Shell.

cat /log/msync.log | grep “ha:”

cat /log/applog.log | grep “ha:”

Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vishal_R over 2 years ago

Hi Michael Schneider Thank you for the detailed information. How about managing HA status alerts via SNMP? In SNMP we have HA state MIB and that will help you on your actual requirement of "Monitoring HA status".

HaState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "enumerated type for HA State"
SYNTAX INTEGER {
notapplicable ( 0 ),
auxiliary ( 1 ),
standAlone ( 2 ),
primary ( 3 ),
faulty ( 4 ),
ready ( 5 )

Regards,

Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 Michael Schneider over 2 years ago in reply to Bharat J

Hell Bharat, thank you for your time and answer. I do not actually see a way to automate this in a good way.
I would like to activly pull a status from the device and not monitor some logs which might have a occurance of "xyz"
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Schneider over 2 years ago in reply to Vishal_R

Hi Vishai,

I will give that a shot, but the hole point of me using the webapi is that i can query it via WAN which i can't or well i would not love to do with snmp Dou you got any details oids for this ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 2 years ago in reply to Michael Schneider

Hello Michael Schneider,

Here are the useful links below:
> https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosFirewall/Other-documents/SOPHOS-MIB.txt?la=en
> https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/SNMP/index.html#snmpv3-users-and-traps
> http://www.net-snmp.org/docs/mibs/index.html
> https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/SNMP.html

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Schneider over 2 years ago in reply to Vivek Jagad

Thanks :) I don't see the HAState metioned above until now but sophos already did "kill this" idea.
I need a WAN side Monitoring and we disable anything on the WAN Zone. But setup a LocalACL Rule for our IP Only with https and userportal. But for whatever reason you cannot enable SNMP in a Local ACL Rule :)
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago

I would recommend to use Central for this.

Central will generate an alert specifically for degraded HA State. So you can monitor via API this particular Alert.

If the alert comes up, you can call for next steps.

See: https://developer.sophos.com/

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 Michael Schneider over 2 years ago in reply to LuCar Toni

Hey Lucar, i will give that a shot aswell. The i am really hoping that at some point you can actually do and monitor xg's via central api.
Thanks for the the idea. I do not like the concept of monitoring a log insteaed of of the actual current status, but i guess it is better than nothing.
I just don't understand why the sophos xg web api is lacking alot of features and there are a lot of bugs ;) Would be nice to have a single source of monitoring :)
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to Michael Schneider

I do not see the bug in your initial post. Because the API is a configuration API, not a status API. This means, you do not have access to some of those live events and status updates of certain parts of the hardware.

Nevertheless, Central API will be extended by firewall API. There "should" be a HA flag in Central as well.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Schneider over 2 years ago in reply to LuCar Toni

I did not say that there is bug. But there are alot and just wrong documentation.
Something like this, just as one of alot examples:

I read "Datatype" is INTEGER. Expecting a Number with Range of 0 - 2 as explained in the Note.

The Actual Result is a String containing Enable, Disable

You just can't trust the api documentation
Cancel
Vote Up 0 Vote Down

Cancel

Sophos XG Monitoring HA

Top Replies

Submitted a Tech Support Case lately from the Support Portal?