Redundant internet for HA firewall

Hello John245 ,

Thank you for reaching out to the community, you can refer the HA architecture and design here - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/AboutHA/HAArchitecture/index.html

And about HA requirements, prerequisites here -  https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/HighAvailablityStartupGuide/AboutHA/index.html

Vivek Jagad Thanks, but HA is already set-up and working. The question is about the addition of redundant internet to the HA cluster. Is this the smartest way to do this and/or are addition components/cables required?

---

John

We don't recommend monitoring the WAN link in HA, because HA is designed to failover if any of the ports fluctuate in the monitoring Ports section. A failure of the ISP will result in an unnecessary failover, since traffic can be switched from one ISP to another in the same appliance under the WAN link manager.

Vivek Jagad I was not planning to monitor the WAN link. But set up the ISP as below. I assume this is what you intended.

---

John

Vivek Jagad I was not planning to monitor the WAN link. But set up the ISP as below. I assume this is what you intended.

---

John

Hey John245 , In that case this looks perfect for the reference & validation here is the KBA - Configure redundant internet connection using WAN Link Manager feature - https://support.sophos.com/support/s/article/KB-000038337?language=en_US