Conflict in roles in HA

Currently we are suffering a conflict of roles between 2 XG330 firewalls in HA ACTIVE-PASSIVE: both think they are the primary.

LAN MASTER.     192.168.100.16/23   PORT1    cisco gi1/1.     PORT 6 USED FOR HA DIRECT CABLE to AUXILIARY

LAN AUXILIARY.  192.168.101.16/23    PORT1    cisco gi1/2.      PORT 6 USED FOR HA DIRECT CABLE to PRIMARY

Because they both think they are master|primary, the auxiliary|secondary is not reachable because it assigned itself the same IP address & MAC address as the master|primary.

We have confirmation of this from the log on the Cisco switch: MAC flapping between the ports where the SOPHOS LAN PORT1 is connected for both.

We also have confirmation of this from disconnecting the auxiliary from the network and connecting a laptop directly: it is pingable as the master and shows the same MAC address in the ARP table of the laptop.

Any idea how to proceed to make the secondary firewall stop believing it's the primary?

We already tried disconnecting the HA PORT6 cable and restarting the AUXILIARY devices, but nothing changes!



  • Perform the following command on both the appliances; if you get yes, that appliance will be the active one!

    nvram get '#li.master'

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • On the primary|master ONLINE it's a YES

    On the Auxiliary|slave OFFLINE it's a NO (currently this is the one having the same IP and MAC address as the primary)

    So when connected to our switch it is not reachable|pingable and it results in MAC flapping in the switch log.

    What we do not understand is why the secondary, after the restart, didn't come back to the original slave configuration for IP and MAC address!

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA