Configuring High Availability (HA) on Sophos UTM

  1. Prerequisite
    • Minimum two nodes (two appliances Sophos UTM)
    • Maximum 10 nodes
    • Add license to the devices
    • Both UTMs appliances must same model
    • Both UTMs appliances must same version firmware or version of primary node (Master node) higher than other node (Slave node).
  2. Configure  High Availability
    • Go to Management | High Availability

ha_1

    • Selects Configuration Tab
    • Set up some information follow:
      • Operation mode: select Host Standby (Active-Passive) or Cluster (Active-Active)
      • Sync NIC: select interface need connect HA port (default is interface eth3)
      • Devices Name: the name of node currently configuring
      • Devices Node ID: 1 or 2 depending on the host (they must be different)
      • Encryption key: password use to encryption, it has to match on both nodes.
      • Repeat: re-enter password encryption.
    • Click Apply

ha_a-a

 

    • come back Status tab you see follow picture

ha_3

 

    • At the moment, you will connect both devices via Cross-Cable at the Sync-Interface

IMG20150423130856

    • On the Status tab, you will see synchronize processing:

ha_syncing

 

    • see logging and system status SYNC between two devices

ha_loging

 

ha_status

 

    • Synchronize process finish!

ha_finish

 

Done, Thanks you for watching!

2 Comments

  1. Hi Joe,

    I am configuring 2 Sophos UTMs for high availability, At what point did you connect the 2nd UTM to the LAN and WAN connections? Did you configure anything on the 2nd UTM or did everything configure from the primary? I’m confused as to whether the 2 UTMs will have the same hostname and same LAN IP address. Any help would be appreciated.

    Thanks

  2. The manual configuration of an Active/Passive HA is simple. However, it gives you some more options
    like which LAN port to use for synchronization, device names, node IDs and encryption key.
    Once this data is entered on the first node you only need to connect the slave node to the master node and
    either take the same configuration steps as for the first node or use the automatic configuration feature to add
    the second node automatically.

    https://www.sophos.com/en-us/medialibrary/PDFs/documentation/asg_8_HA_deployment_geng.pdf

Leave a Reply to Marcus Jeter Cancel reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.