Skip to content

Manage an HA pair in Sophos Central

Your firewalls can be set up in either of the following ways:

  1. You are managing your firewalls in Sophos Central but they aren't in a high availability (HA) pair.
  2. Your firewalls are in an HA pair but you aren't managing them in Sophos Central.

Create an HA pair from your centrally-managed firewalls

You have two standalone firewalls managed from Sophos Central. You want to import the configuration from one of them and manage them as an HA pair.

Warning

For standalone firewalls already managed from Sophos Central, we recommend that you deregister them, configure HA, and reregister them for Sophos Central management. This will allow you to move the HA pair to a different group in Sophos Central if you want.

The image below shows two separate firewalls managed in Sophos Central.

Two separate firewalls managed in Sophos Central.

On your Sophos Firewall, create the HA pair.

Note

Both firewalls must be of the same firmware version. For more information, see High availability.

You can form an Active-Active or Active-Passive HA pair.

Once the HA pair is created, a single HA pair is displayed in Sophos Central.

An HA pair managed in Sophos Central.

You can now manage the firewalls as an HA pair in Sophos Central.

Manage your HA pair in Sophos Central

You have two Sophos Firewall devices in an HA pair. You want to manage them as an HA pair in Sophos Central.

The image below shows an active-passive HA pair.

An HA Pair in Sophos Firewall.

  1. On the primary Sophos Firewall, go to Central synchronization and click Register both HA devices to register the HA pair.

    Register your HA devices.

    The registration information is updated, as shown below.

    Sophos Firewall devices registered.

  2. Once registration is complete, enable central management.

    For more information, see Use the super admin credentials to register with Sophos Central.

  3. In Sophos Central, next to the primary firewall, click Approval Pending, then Accept Services.

    Accept Services.

    After a few minutes, the firewalls are displayed as a single HA pair.

    An HA pair managed in Sophos Central.

You can now manage the HA pair in Sophos Central. Any configuration changes you make in Sophos Central apply to both firewalls.