HA configuration

You can set up Sophos Firewall as an active-active or active-passive cluster in high-availability mode.

Mode | Description
Active-passive | When the primary firewall fails, the auxiliary firewall automatically takes over traffic processing, preventing downtime.
Active-active | In active-active mode, both the primary and auxiliary firewalls process traffic. The primary firewall receives all network traffic and load-balances the traffic using the auxiliary firewall to handle some traffic processing. If the primary firewall fails, the auxiliary firewall takes over all network traffic processing.

You can configure high availability in two ways, depending on the amount of customization you require in the configuration. These options are as follows:

  • QuickHA. For ease of configuration, we recommend using this mode.
  • Interactive.

Configuration mode | Description
QuickHA | QuickHA provides a way to easily set up Sophos Firewall as a high-availability system with the minimum configuration steps by automatically selecting default configuration values. Once HA is configured and enabled with QuickHA, you can configure advanced HA options. Examples: monitoring port, keep-alive timer, and failback to primary settings.
Interactive | Interactive mode allows you more control over the HA settings. In this mode, you can choose parameters that QuickHA would otherwise select automatically, such as assigned virtual MAC address and peer administration settings. In this mode, you configure the auxiliary firewall first, followed by the primary.