Great video! As an MSP, we understand that choosing the right tools is crucial. Our success comes from reliable backups, a robust RMM, Sophos for strong security, and Thirdlane Multi Tenant PBX for telecom. It’s all about having the perfect toolkit.
I have two sophos running as active-passive in datacenter, and i take the passive device to another location, bat the status of HA is standalone ,and not running as active- passive
You won't be able to run HA from two different locations. The HA Interface will need to be connected and all the ports and IP Addresses will need to the same on both firewalls. It is in Standalone because it can't see the Primary and the HA has failed.
can HA be setup with peer FW has been fully setup? or i must reset the FW in order to setup, also can i register the Device to sophos Central before HA is initiated?
HA can be setup in the UI for both Primary and Aux. Just remember that the configuration on the Aux device would be overwritten and it would mirror the primary firewall.
I'm using this video at this very moment, respecting all requirements but the option "Connect as HA Spare" doesn't show up. It shows up only "Restore the backup".
Yes, it seems that on Hardware that option was removed. Just set up the Network HA Interface, Enable the DMZ Zone to Allow SSH and Ping, then set up the HA on the Aux Device. Same result.
i am having the Primary firewall in one building and Auxillary Firewall in another building , distance is around 300m with Single mode fiber cable. can i use SFP port as HA port ??
You can use any port as the HA port. However, keep in mind that the Auxiliary Firewall needs to have all the same connections as the Primary Firewall. LAN, WAN, HA, etc..It will mirror the connections and IP Addresses from the Primary.
Hi Jean, Happy to demo how HA works on the Sophos Firewall. Please reach out to your local Sophos Team and ask them to setup a meeting with me. Thanks, Steve Weber
Hi Steve, After upgrade from 17.8 to 18.5 we had to recreate the HA. After trying to recreate active-passive HA, primary device has loaded configuration from secondary which was "empty" with config. We were following the official procedure, which is almost same as yours. Do you have any idea what was done wrong? Just to mention that both appliances has the same FW and patterns (XG115). BR
Without knowing exactly what was done, I wouldn't be able to say. Once restored, if you experience this again I would reach out to the Local Sales Engineer and Sophos Support to review. They can definitely include me as well. -Steve
Great video! As an MSP, we understand that choosing the right tools is crucial. Our success comes from reliable backups, a robust RMM, Sophos for strong security, and Thirdlane Multi Tenant PBX for telecom. It’s all about having the perfect toolkit.
This is very robust presentation. Very concise and brief. Thank you!
I have two sophos running as active-passive in datacenter, and i take the passive device to another location, bat the status of HA is standalone ,and not running as active- passive
You won't be able to run HA from two different locations. The HA Interface will need to be connected and all the ports and IP Addresses will need to the same on both firewalls. It is in Standalone because it can't see the Primary and the HA has failed.
can HA be setup with peer FW has been fully setup? or i must reset the FW in order to setup, also can i register the Device to sophos Central before HA is initiated?
HA can be setup in the UI for both Primary and Aux. Just remember that the configuration on the Aux device would be overwritten and it would mirror the primary firewall.
I'm using this video at this very moment, respecting all requirements but the option "Connect as HA Spare" doesn't show up. It shows up only "Restore the backup".
Yes, it seems that on Hardware that option was removed. Just set up the Network HA Interface, Enable the DMZ Zone to Allow SSH and Ping, then set up the HA on the Aux Device. Same result.
@@SophosMSPGlobal I'm using a pair of Sophos SG230 just FYI
@@blogaidentu As long as they are both the same Rev it will set up HA without a problem.
@@SophosMSPGlobal I suggest to add a note about the existence of the option “only for vm appliances”
i am having the Primary firewall in one building and Auxillary Firewall in another building , distance is around 300m with Single mode fiber cable. can i use SFP port as HA port ??
You can use any port as the HA port. However, keep in mind that the Auxiliary Firewall needs to have all the same connections as the Primary Firewall. LAN, WAN, HA, etc..It will mirror the connections and IP Addresses from the Primary.
can you show how to use failover with the HA?
Hi Jean, Happy to demo how HA works on the Sophos Firewall. Please reach out to your local Sophos Team and ask them to setup a meeting with me. Thanks, Steve Weber
Thanks broooo 😘😘❤️
Hi Steve,
After upgrade from 17.8 to 18.5 we had to recreate the HA. After trying to recreate active-passive HA, primary device has loaded configuration from secondary which was "empty" with config. We were following the official procedure, which is almost same as yours. Do you have any idea what was done wrong? Just to mention that both appliances has the same FW and patterns (XG115). BR
Without knowing exactly what was done, I wouldn't be able to say. Once restored, if you experience this again I would reach out to the Local Sales Engineer and Sophos Support to review. They can definitely include me as well. -Steve