HA configuration

Options for configuring high availability.

You can set up Sophos Firewall in high-availability mode as an active-active or active-passive cluster, depending on your requirements.

Mode

Description

Active-passive

When the primary firewall fails, the auxiliary firewall automatically takes over traffic processing, preventing downtime.

Active-active

In active-active mode, both the primary and auxiliary firewalls process traffic. The primary firewall receives all network traffic and load balances the traffic using the auxiliary firewall to handle some traffic processing. If the primary firewall fails, the auxiliary firewall takes over all network traffic processing.

You can configure high availability in two ways, depending on the amount of customization you require in the configuration. These options are described below:

  • QuickHA. For ease of configuration, we recommend using this mode.
  • Interactive.

Configuration mode

Description

QuickHA

QuickHA provides a way to easily set up Sophos Firewall as a high-availability system with the minimum configuration steps by automatically selecting default configuration values.

Once HA is configured and enabled with QuickHA, you can configure advanced HA options. Examples: monitoring port, keep-alive timer, and failback to primary settings.

Interactive

Interactive mode allows you more control over the HA settings. In this mode, you can choose parameters that QuickHA would otherwise select automatically, such as assigned virtual MAC address and peer administration settings.

In this mode, you configure the auxiliary firewall first, followed by the primary.