Configure the auxiliary Sophos Firewall

  1. Go to System services > High availability.
  2. Specify the initial HA device state.

    Set the Initial device role to Auxiliary.

  3. Select Interactive mode.

  4. A passphrase is generated automatically. You can also change it manually.


    The devices in the cluster must have the same passphrase.

  5. Select a dedicated HA link.

    The peers in an HA cluster continuously monitor the dedicated HA link and the interfaces configured to be monitored.


    Don't use Port4 as the dedicated HA link on the following models:

    • XG 105 Rev.3
    • XG 115 Rev.3
    • XG 106


    The peer device must use the same HA link. Specify this port as the HA link port on the peer. For example, if you choose port E on the primary device, you must also choose port E on the auxiliary device.


    The IP address of the HA link for the peer device must be on the same subnet.

  6. Click Save.

Configure the primary device. After you have configured the primary device and when HA is active, the devices will synchronize automatically. To force the auxiliary device to pull configuration updates from the primary, click Sync with primary.