Skip to content

Manage an HA pair in Sophos Central

Follow these instructions to add and manage an high availability (HA) pair in Sophos Central.

How you upgrade depends on how your firewalls are set up. Your firewalls can be set up in either of the following ways:

  1. You are managing your firewalls in Sophos Central but they aren't in an HA pair.
  2. Your firewalls are in an HA pair but you aren't managing them in Sophos Central.

    Restriction

    If the firewalls in your HA pair are on an earlier version and are registered with Sophos Central, you must deregister them and upgrade them to 18.0 MR4 or later. When you've upgraded them, you must register the HA pair with Sophos Central. See Manage your HA pair in Sophos Central.

Create an HA pair from your centrally managed firewalls

You have two standalone firewalls running 18.0 MR3 managed from Sophos Central. You want to import the configuration from one of them and manage them as an HA pair.

  1. Upgrade both firewalls to 18.0 MR4. For more information, see Move to a different firmware version.

    The image below shows two separate firewalls managed in Sophos Central.

    Two separate firewalls managed in Sophos Central.

  2. On your Sophos Firewall, create the HA pair. For more information, see High availability configure the auxiliary Sophos Firewall.

    You can form an Active-Active or Active-Passive HA pair.

    Once the HA pair is created, a single HA pair is displayed in Sophos Central.

    An HA pair managed in Sophos Central.

You can now manage the firewalls as an HA pair in Sophos Central.

Manage your HA pair in Sophos Central

You have two Sophos firewalls in an HA pair. You want to manage them as an HA pair in Sophos Central.

The image below shows an Active-Passive HA pair.

An HA Pair in Sophos Firewall.

  1. Upgrade the primary firewall to 18.0 MR4. For more information, see Move to a different firmware version.

    This automatically upgrades the auxiliary firewall.

  2. On the primary Sophos Firewall, go to Central synchronization and click Register both HA devices to register the HA pair.

    Register your HA devices.

    The registration information is updated, as shown below.

    XG Firewalls registered.

  3. Once registration is complete, enable central management.

    For more information, see Enable Sophos Central management of Sophos Firewall.

  4. In Sophos Central, next to the primary firewall, click Approval Pending, then Accept Services.

    Accept Services.

    After a few minutes, the firewalls are displayed as a single HA pair.

    An HA pair managed in Sophos Central.

You can now manage the HA pair in Sophos Central. Any configuration changes you make in Sophos Central apply to both firewalls.