Quick HA

QuickHA provides a way to easily set up Sophos XG Firewall as a high availability system with the minimum configuration steps by automatically selecting default configuration values.

QuickHA lets you set up XG Firewall as a high availability (HA) system easily and quickly.

You can use QuickHA to set up HA systems using both hardware and software appliances. It uses pre-designated HA ports to minimize your input.

You can configure your XG Firewall devices in any order.
Note You can't enable HA if you turned on STP on a bridge interface.

To use QuickHA, do the following.

  1. Connect the XG Firewall devices using a network cable plugged into the dedicated HA port on both units.
  2. Sign in to the web admin console of the primary XG Firewall and go to System services > High availability.
  3. Select the Initial device role.
  4. Ensure QuickHA is selected. You’ll see default settings (which you can change), as described in the steps that follow.
  5. QuickHA generates a Passphrase automatically. You can also change the passphrase manually.
    Note The passphrase is used only once to generate the SSH keys used to encrypt communication over the HA link. It's then deleted.
  6. Quick HA selects a Dedicated HA link automatically. You can also select an interface manually.
    Note By default, QuickHA selects the first unbound interface. If this is not available, it uses the first DMZ port. This interface will be renamed QuickHA Mode interface and assigned an IPv4 address from the link local range, 169.254.0.0/16.
    CAUTION If Quick HA selects a DMZ port that’s already in use, its current configuration will be overwritten.
  7. Click Initiate HA.
  8. Sign in to the web admin console of the auxiliary XG Firewall and go to System services > High availability.
  9. Select Auxiliary as the device role.
  10. Select QuickHA and enter the same Passphrase used on the primary XG Firewall.
  11. Click Initiate HA. You see a message about the configuration being overwritten. This is because the configuration will be synchronized from the primary XG Firewall.

The following status messages are displayed during the QuickHA setup process:

Message

Description

Device Discovery Started. Dedicated HA link configured.

QuickHA confirms that a dedicated link has been configured.

One time Password set for dedicated Interface. Device Discovery In-Progress.

QuickHA is trying to connect the primary and auxiliary devices.

Peer detected. Initial SSH Handshake In-Progress.

The auxiliary device has been detected and the initial connection is being established.

Peer detected. Initial Synchronization Started.

Configuration sync is in progress.

Established

HA has been established.

Not established

HA has not been established. Please check all settings and connections.