Sophos XG Monitoring HA

Hello Sophos and Community,

This topic seems to have been a problem for a long time, and I have tried to figure out how, but it just seems that there is no way.

We are using the Sophos XG Web API, which is at least partly documented (https://docs.sophos.com/nsg/sophos-firewall/19.0/API/index.html).

We deploy a lot of systems with HA and we see that it seems to fail at some point without anyone noticing. This really is a common problem Sophos should fix!

Now we are trying to monitor the HA status, and I don't understand why there is no way to do it, if so.

We can get the HA configuration via the API with "HAConfigure", but it does not contain any status.

For example, this is an output of a failed HA via API:

<Response APIVersion="1900.1" IPS_CAT_VER="0">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <HAConfigure transactionid="">
    <HA_Interactive>
      <Device>Active_Passive</Device>
      <PeerAdministrationList>
        <PeerConfiguration>
          <IPAddressV4>10.4.31.253</IPAddressV4>
          <IPAddressV6 />
          <Interface>Port1</Interface>
          <ReserveBridgePort />
        </PeerConfiguration>
      </PeerAdministrationList>
      <ClusterID>0</ClusterID>
      <Passphrase passwordform="encrypt">THISISSECRET
04</Passphrase>
      <DedicatedLink>Port4</DedicatedLink>
      <DedicatedLinkIPAddress>169.254.192.2</DedicatedLinkIPAddress>
      <KeepAlive_Interval>250</KeepAlive_Interval>
      <KeepAlive_Attempts>16</KeepAlive_Attempts>
      <HostMAC>Disable</HostMAC>
      <FallbackPrimaryDevice>Enable</FallbackPrimaryDevice>
    </HA_Interactive>
  </HAConfigure>
</Response>

And this is a screenshot from the Dashboard:

Seems good. Well but take a closer look and check the HA Status:

This does not look nice :) And nobody knows unless they look manually.

Did anyone get any kind of HA status from the XG? I tried monitoring the interface, but it is just gone via the API if you configure HA.

I have no ideas left, and this is something we really should monitor. We deploy HA systems and they just fail silently, that's a problem!

Thank you for any help. And Sophos, please fix this.
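
A sketch of how a monitoring check could handle the HAConfigure response quoted above, as an added example that is not part of the original post and not Sophos code: it extracts the HA settings, redacts the Passphrase element before anything is logged, and reports UNKNOWN rather than OK because the reply carries no runtime state. The function name, the status/state tag heuristic and the trimmed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the response shape quoted in the post above.
SAMPLE = """<Response APIVersion="1900.1" IPS_CAT_VER="0">
  <Login><status>Authentication Successful</status></Login>
  <HAConfigure transactionid="">
    <HA_Interactive>
      <Device>Active_Passive</Device>
      <PeerAdministrationList>
        <PeerConfiguration>
          <IPAddressV4>10.4.31.253</IPAddressV4>
          <Interface>Port1</Interface>
        </PeerConfiguration>
      </PeerAdministrationList>
      <Passphrase passwordform="encrypt">THISISSECRET</Passphrase>
      <DedicatedLink>Port4</DedicatedLink>
      <KeepAlive_Interval>250</KeepAlive_Interval>
      <KeepAlive_Attempts>16</KeepAlive_Attempts>
    </HA_Interactive>
  </HAConfigure>
</Response>"""

SECRET_TAGS = {"Passphrase"}  # elements never written to logs or tickets


def inspect_ha_response(xml_text):
    """Return (check_state, settings, redacted_xml) for an HAConfigure reply."""
    root = ET.fromstring(xml_text)
    ha = root.find("HAConfigure")
    if ha is None:
        return "UNKNOWN", {}, ""
    settings, has_status = {}, False
    for el in ha.iter():
        text = (el.text or "").strip()
        if el.tag in SECRET_TAGS:
            el.text = "[REDACTED]"
        elif len(el) == 0 and text:
            settings[el.tag] = text
        # Hypothetical heuristic: any element that looks like runtime state.
        if "status" in el.tag.lower() or "state" in el.tag.lower():
            has_status = True
    # Configuration alone proves nothing about cluster health, so the check
    # reports UNKNOWN rather than OK when no runtime state is present.
    state = "HAS_STATUS" if has_status else "UNKNOWN"
    return state, settings, ET.tostring(ha, encoding="unicode")


if __name__ == "__main__":
    print(*inspect_ha_response(SAMPLE), sep="\n")
```

The Login status element sits outside HAConfigure and is deliberately not counted as HA state.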



  • I would recommend using Central for this.

    Central will generate an alert specifically for a degraded HA state, so you can monitor this particular alert via the API.

    If the alert comes up, you can call for next steps. 

    See: https://developer.sophos.com/

    __________________________________________________________________________________________________________________

  • I checked the Central approach, but I am "stuck".

    We have a faulty HA status in Central, which is actually shown in the firewall status:

    I crawled through all Central events on this specific customer as a test but could not find any "fail" event.

    There are not that many firewall events, and I found these 4:

    But they explicitly said the HA status is not impaired, which could happen on a failover or firmware update or just a reboot. It is a warning, which at least for me says: everything is, but one node is rebooting, or do I misunderstand? And it seems to have happened 4 times with a recover after that. I found the recover events, but not for every date:

    There seems to be no recover event for July 16 and July 20, but two on May 27.

    Do you have any more details about the event you mean?

    Thank you.

  • Did you or somebody eventually clear the alert? Because the alert should be generated on those dates, as you can see.

    __________________________________________________________________________________________________________________
