Our Free Home Use Firewall is a fully equipped software version of the Sophos Firewall, available at no cost for home users – no strings attached. It features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.

NOTE: The Sophos Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process.

You must meet the following requirements before you configure HA.

- Devices in the HA cluster (primary and auxiliary) must be the same model and revision. For example, an XG 210 rev3 can only connect to another XG 210 rev3. An XG 230 or even an SG 210 can't be used.
- All devices must have the same number of ports or interfaces. This includes when any FleXi port expansion modules are installed.
- The devices must have the same firmware version installed. This includes maintenance releases and hotfixes.
- For standalone firewalls already managed from Sophos Central, we recommend that you deregister them, configure HA, and reregister them for Sophos Central management. This will allow you to move the HA pair to a different group in Sophos Central if you want.
- Wireless models don't support high availability.
- You must connect the cables to all the monitored ports on both devices.
- The dedicated HA link port must be a member of a zone with the type DMZ and have a unique IP address on both devices.
- You must turn on SSH on the DMZ zone for both devices.
- Ensure that the IP address of the HA link port of the primary and auxiliary devices is in the same subnet.
- Before you configure HA, you must turn off DHCP and PPPoE on the HA interface.
- If you connect the HA devices to an Ethernet switch that uses the spanning tree protocol (STP), you may need to adjust the link activation time on the switch port connected to the Sophos Firewall interfaces. For example, on a Cisco Catalyst-series switch, you must turn on spanning tree port-fast for each port connecting to Sophos Firewall interfaces. This means you must turn on port-fast and turn off both spanning tree protocol (STP) and RSTP for the switch ports Sophos Firewall connects to.
- The dedicated HA link must use the default link speed and MTU-MSS.
- The HA link latency increases with distance.
- We recommend you turn off Spanning Tree Protocol (STP) on the dedicated HA link.
- The HA interface must be active, the network cable must be connected to both devices, and the auxiliary device must be reachable to establish HA. You'll see the error message "HA could not be enabled" if one or more of these conditions isn't met.
- 1U XGS series firewalls don't automatically establish HA when using a FleXi port as the dedicated HA port. To solve this issue, see 1U XGS series firewalls unable to establish HA when using FleXi Port as dedicated HA link.
- You must configure the firewall that carries the license subscription as the primary node during the initial HA setup.
- In active-active mode, both devices require a license.
- Zero-day protection doesn't affect the HA setup regardless of the expiry date in each device.
- In active-passive mode, you require a license only for the primary device. You don't require a license for the auxiliary device.
- If a software or virtual device is used, you need to purchase only one base license. When you register the serial number of the primary device, SFOS creates the auxiliary device. You don't need to purchase a separate base firewall license or a separate serial number for the auxiliary device. In this case, you add the device to HA when you use the setup assistant.

The following configurations aren't supported on an HA cluster:

- DHCP and PPPoE: When interfaces are dynamically configured using DHCP or PPPoE, only HA in active-passive mode is supported. HA in active-active mode isn't supported.
- Cellular WAN configuration isn't supported in any HA mode.
- Alias IP addresses or VLANs on dedicated HA port.
- Overriding the MAC address on the dedicated port.
- Dynamic IP addresses on any interface in active-active mode.
- Session failover with dynamic interfaces in active-passive mode.
- LAG (LACP or LLDP) on the dedicated HA interface.
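Several of the HA prerequisites on this page can be checked before pairing, which helps avoid the "HA could not be enabled" error. The following pre-flight check is an added example, not Sophos code: the inventory records, field names, firmware labels and IP addresses are constructed for illustration and do not correspond to any Sophos Firewall API or export format.

```python
import ipaddress

# Constructed inventory records; the field names are assumptions for this example,
# not a Sophos Firewall API or export format.
PRIMARY = {
    "model": "XG 210", "revision": "rev3", "ports": 8, "firmware": "constructed-fw-1",
    "ha_port": {"ip": "172.16.16.1/24", "zone_type": "DMZ", "dhcp": False, "pppoe": False},
    "ssh_on_dmz": True, "wireless": False,
}
AUXILIARY = {
    "model": "XG 210", "revision": "rev3", "ports": 8, "firmware": "constructed-fw-2",
    "ha_port": {"ip": "172.16.17.2/24", "zone_type": "DMZ", "dhcp": False, "pppoe": False},
    "ssh_on_dmz": False, "wireless": False,
}

def ha_preflight(primary, auxiliary):
    """Return a list of unmet HA prerequisites (an empty list means all checks pass)."""
    problems = []
    # Both devices must match in model, revision, port count and firmware.
    for field, label in (("model", "model"), ("revision", "revision"),
                         ("ports", "number of ports"), ("firmware", "firmware version")):
        if primary[field] != auxiliary[field]:
            problems.append(f"{label} differs: {primary[field]!r} vs {auxiliary[field]!r}")
    # Per-device requirements for the dedicated HA link port and the DMZ zone.
    for name, dev in (("primary", primary), ("auxiliary", auxiliary)):
        port = dev["ha_port"]
        if dev["wireless"]:
            problems.append(f"{name}: wireless models don't support HA")
        if port["zone_type"] != "DMZ":
            problems.append(f"{name}: HA link port is not in a DMZ-type zone")
        if port["dhcp"] or port["pppoe"]:
            problems.append(f"{name}: DHCP/PPPoE must be off on the HA interface")
        if not dev["ssh_on_dmz"]:
            problems.append(f"{name}: SSH is not turned on for the DMZ zone")
    # HA link addresses must be unique but share one subnet.
    a = ipaddress.ip_interface(primary["ha_port"]["ip"])
    b = ipaddress.ip_interface(auxiliary["ha_port"]["ip"])
    if a.ip == b.ip:
        problems.append("HA link ports share the same IP address")
    if a.network != b.network:
        problems.append(f"HA link ports are in different subnets: {a.network} vs {b.network}")
    return problems

if __name__ == "__main__":
    for problem in ha_preflight(PRIMARY, AUXILIARY):
        print("FAIL:", problem)
```

Cabling of monitored ports, link speed, MTU-MSS and switch STP settings are not modelled here and still need to be verified on the devices and the switch.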