
Configure HA in Azure using a template

Using a Sophos-provided template, you can deploy Sophos Firewall in HA mode as a virtual machine on Microsoft Azure.

Prerequisites:

  • Valid licenses for the required number of Sophos Firewall instances (for the BYOL deployment type). You can also use our trial license.
  • Access to Sophos Central. See Sophos Central startup guide.

Deploy the firewall instances using the Sophos-provided template

You can download and deploy the template manually. This is useful when you need to customize the template to integrate it into your existing environment. You can also deploy the default template directly from the Sophos IaaS GitHub page.

To deploy the default template, do as follows:

  1. Sign in to the Microsoft Azure portal, open a new tab, and go to the Sophos IaaS GitHub page.
  2. Scroll down to the High Availability section in the lower area of the page.
  3. Select Deploy to Azure or Deploy to Azure Gov.

    You're taken back to the Microsoft Azure portal to complete the deployment process.

    The template deploys the following:

    • Two Sophos Firewalls in an availability set with two NICs each (one frontend and one backend).
    • A public load balancer with a public IP resource attached.
      • The load balancer checks the health of Sophos Firewall using TCP port 4444.
      • By default, TCP port 4444 on the public IP of the load balancer is NATted to TCP port 4444 of the first Sophos Firewall while TCP port 4445 is NATted to TCP port 4444 of the second Sophos Firewall.
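
Because of this port mapping, both web admin consoles are reached through the load balancer's public IP, so it is worth checking which sources the network security group lets through to backend port 4444. The following Python check is an added example, not part of the Sophos template or documentation; it audits a constructed ARM-template fragment, and the resource names and the NSG rule in it are hypothetical.

```python
import json

# Constructed ARM fragment (NOT the Sophos template); names and the NSG rule are hypothetical.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/loadBalancers", "name": "example-lb",
   "properties": {"inboundNatRules": [
     {"name": "fw1-admin", "properties": {"protocol": "Tcp", "frontendPort": 4444, "backendPort": 4444}},
     {"name": "fw2-admin", "properties": {"protocol": "Tcp", "frontendPort": 4445, "backendPort": 4444}}]}},
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "example-nsg",
   "properties": {"securityRules": [
     {"name": "allow-admin", "properties": {"direction": "Inbound", "access": "Allow",
       "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "4444"}}]}}
]}
""")

ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}  # source prefixes that mean "anyone"

def nat_map(template):
    """Return {frontend_port: backend_port} for every load balancer inbound NAT rule."""
    out = {}
    for res in template["resources"]:
        if res["type"] == "Microsoft.Network/loadBalancers":
            for rule in res["properties"].get("inboundNatRules", []):
                p = rule["properties"]
                out[p["frontendPort"]] = p["backendPort"]
    return out

def covers(port_range, port):
    """True if an NSG destinationPortRange ('*', '4444' or '4000-5000') includes port."""
    lo, _, hi = port_range.partition("-")
    return port_range == "*" or int(lo) <= port <= int(hi or lo)

def open_admin_rules(template):
    """List (nsg, rule) pairs: inbound Allow rules exposing a NAT backend port to any source."""
    backends = set(nat_map(template).values())
    hits = []
    for res in template["resources"]:
        if res["type"] != "Microsoft.Network/networkSecurityGroups":
            continue
        for rule in res["properties"].get("securityRules", []):
            p = rule["properties"]
            # A rule without destinationPortRange is treated as "*" (conservative).
            if (p["direction"] == "Inbound" and p["access"] == "Allow"
                    and p.get("sourceAddressPrefix") in ANY_SOURCE
                    and any(covers(p.get("destinationPortRange", "*"), b) for b in backends)):
                hits.append((res["name"], rule["name"]))
    return hits
```

The NSG is matched against the backend port (4444) rather than the frontend ports, because the rule is evaluated after the load balancer has translated the destination port.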

Activate and register the appliances individually (one at a time)

  1. Go to the public IP address of the load balancer. To access the web admin consoles, use port 4444 for the first firewall and port 4445 for the second firewall as follows:

    • First firewall: https://<load balancer public IP>:4444.
    • Second firewall: https://<load balancer public IP>:4445.
  2. To complete the registration and activation process, follow the steps in Activating and registering Sophos Firewall.

Configure Central Management on the appliances (one at a time)

  1. Browse to the public IP address of the load balancer. Use port 4444 to access the first Sophos Firewall's web admin console and port 4445 to access the second Sophos Firewall's web admin console.

    • First Sophos Firewall's web admin console: https://<load balancer public IP>:4444.
    • Second Sophos Firewall's web admin console: https://<load balancer public IP>:4445.
  2. After you sign in to the firewalls, follow the steps in Use the super admin credentials to register with Sophos Central.
