Skip to content

HA configuration

You can set up Sophos Firewall as an active-active or active-passive cluster using the QuickHA or interactive configuration modes.

Before you configure HA, see the Prerequisites.

  • Active-passive (QuickHA)


    How to configure active-passive HA using QuickHA configuration.

    See how-to article

  • Active-active (QuickHA)


    How to configure active-active HA using QuickHA configuration.

    See how-to article

  • Active-passive (Interactive)


    How to configure active-passive HA using interactive configuration.

    See how-to article

  • Active-active (Interactive)


    How to configure active-active HA using interactive configuration.

    See how-to article

Microsoft Azure

You can deploy Sophos Firewall as a virtual machine in Microsoft Azure as part of a virtual active-active cluster. Traffic will be load-balanced between each firewall, but other HA features such as failover aren't available.

To configure Sophos Firewall on Azure, see Manually configure load-balancing in Azure.

HA modes

You can configure the HA cluster in active-passive or active-active modes.

Mode Description
Active-passive When the primary firewall fails, the auxiliary firewall automatically takes over traffic processing, preventing downtime.
Active-active In active-active mode, both the primary and auxiliary firewalls process traffic. The primary firewall receives all network traffic and load-balances the traffic using the auxiliary firewall to handle some traffic processing. If the primary firewall fails, the auxiliary firewall takes over all network traffic processing.

Configuration modes

You can configure high availability in two ways, depending on the amount of customization you require in the configuration. These options are as follows:

  • QuickHA. For ease of configuration, we recommend using this mode.
  • Interactive.
Configuration mode Description
QuickHA

QuickHA provides a way to easily set up Sophos Firewall as a high-availability system with the minimum configuration steps by automatically selecting default configuration values.

Once HA is configured and enabled with QuickHA, you can configure advanced HA options. Examples: monitoring port, keep-alive timer, and failback to primary settings.

Interactive

Interactive mode allows you more control over the HA settings. In this mode, you can choose parameters that QuickHA would otherwise select automatically, such as assigned virtual MAC address and peer administration settings.

In this mode, you configure the auxiliary firewall first, followed by the primary.

HA statuses

See Manage HA.