HA cluster problem

Hi,

We have an HA cluster that is in standalone/faulty state. The faulty device (standby) is still reachable through SSH over the HA link, but as far as I can see it has the same IP configured on the LAN interface, so I cannot reach it through the peer administration IP. It seems both nodes have thought they are primary after a power interruption.

Is there any way to disable/enable HA through SSH so I can bring back the HA cluster?
I do not have physical access to the device as it is located 1500km or 3 country borders away.

I had the customer reboot the aux. device then Central reported "Both HA nodes are now connected and at full health." directly followed by a "One of the HA nodes is down or in a degraded state, and high availability is not degraded."

Regards,

Kevin



  • But that is the device console, not advanced shell. I can only use advanced shell/SSH through the dedicated HA link.
    As I said, physical access is not possible because the devices are located in Romania and we are located in Germany, which makes it a bit difficult to plug cables.

    If I had physical access I would have reinitiated the HA services meanwhile and could also check the device cabling. But I am forced to remote assistance only, that is my problem.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • From SSH, go to option 4 and share the status of the logs:

    console>system ha show details

    console>system ha show logs lines 10000

    Also, share the status under CONFIGURE -->System Services --->High Availability and Device Access status under System->Administration

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • OK, we can cut it off here...
    I requested the customer to take a picture of both firewalls and you imagine what? Port1 had no link.

    They seem to have found the issue since both nodes are available and synced now and the peer admin IP is reachable, too.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner