HA Unit

Hi all,

I want to have a failover UTM but in an office connected to us by Fiber Optic Cable (LAN Connection), so should I connect both units by direct cables or through a VLAN for their HA ports?

And thanks in advance.


  • You want to connect with direct cables.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Hi Scott,

    I will also have that configuration to perform on a network that has two sites (and the idea is to install the second UTM at that remote site).

    Our idea was precisely to have a VLAN connecting the two HA interfaces (from each UTM). According to your last comment, this is not supported?

    Thank you in advance.
  • Peter, the HA interface can't add a VLAN tag to the Ethernet frame.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • But an untagged switchport can do it.

    Astaro user since 2001 - Astaro/Sophos Partner since 2008

  • It is possible to create a VLAN only in the switches and make access ports out of it where the HA connection is connected. That way the HA traffic is completely separated from other traffic in the switches. I think this could work...

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Thanks for the comments. I will do this installation this week. I will post the results here later.
  • Peter, in any case, you must provide identical connectivity to both UTMs: all LAN and WAN connections must be identical. I don't know of any HA setups in the world like you're thinking about trying.

    Cheers - Bob
  • Hi BAlfson,

    I was able to do it successfully.

    This concerns two SG430s. Both units have the same physical installation (network cables).

    On UTM 1, after making the configuration (network protection, web protection, etc.), I enabled High Availability (I didn't choose "Automatic Detection"; I configured the eth8 port for high availability).

    On UTM 2, I've also done this (only configuring high availability and choosing the same NIC, eth8, to be used). I didn't perform any other configuration on the UTM. (I had to do this on the second UTM; otherwise the two nodes would not go up.)

    Afterwards, I just rebooted the second UTM, and high availability began to work (I tested by causing a failure on the master node, and everything worked like a charm).

    The only difference is that the second UTM (the slave node) is connected to a 100 Mbit switch and, although the first node (master) is connected to a Gbit switch, the interfaces have negotiated to 100 Mbit.

    I'm still running some more tests. I will post an update later.