Manage an HA pair in Sophos Central

Follow these instructions to add and manage an high availability (HA) pair in Sophos Central.

Introduction

How you upgrade depends on how your firewalls are set up. Your firewalls can be set up in either of the following ways:

  1. You are managing your firewalls in Sophos Central but they aren't in an HA pair.
  2. Your firewalls are in an HA pair but you aren't managing them in Sophos Central.

Create an HA pair from your centrally managed firewalls

You have two standalone firewalls running 18.0 MR3 managed from Sophos Central. You want to import the configuration from one of them and manage them as a HA pair.

  1. Upgrade both firewalls to 18.0 MR4. For more information, see Move to a different firmware version.

    The image below shows two separate firewalls managed in Sophos Central.


    Two separate firewalls managed in Sophos Central
  2. On your XG Firewall, create the HA pair. For more information, see High availability.

    You can form an Active-Active or Active-Passive HA pair.

    Once the HA pair is created, a single HA pair is displayed in Sophos Central.


    An HA pair managed in Sophos Central

You can now manage the firewalls as an HA pair in Sophos Central.

Manage your HA pair in Sophos Central

You have two XG firewalls in an HA pair. You want to manage them as an HA pair in Sophos Central.

The image below shows an Active-Passive HA pair.


An HA Pair in XG Firewall
  1. Upgrade the primary firewall to 18.0 MR4. For more information, see Move to a different firmware version.

    This automatically upgrades the auxiliary firewall.

  2. On the primary XG Firewall, go to Central synchronization and click Register both HA devices to register the HA pair.

    Register your HA devices

    The registration information is updated, as shown below.


    XG Firewalls registered
  3. When registration is complete, enable central management. For more information, see How to enable Sophos Central management of your XG Firewall.
  4. In Sophos Central, next to the primary firewall, click Approval Pending, then Accept Services.

    Accept Services

    After a few minutes, the firewalls are displayed as a single HA pair.


    An HA pair managed in Sophos Central

You can now manage the HA pair in Sophos Central. Any configuration changes you make in Sophos Central apply to both firewalls.