Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=HA-manage

Manage HA

You can see the HA device, role, and status details.

High availability status

Web admin console

To see the HA details, use one of the following options:

  • For a quick check, click the node name in the upper-right corner on any page.

  • For the complete details, go to System services > High availability and see the high availability status:

    • HA health status and HA mode, for example, Connected (active-passive).
    • Node names, the initial primary device, and the licensing source for the cluster.
    • Serial numbers, current roles, statuses, and last status change.

Here's an example:

HA status panel.

CLI

To see the HA status and configuration details on the CLI, do as follows:

  1. Sign in to the CLI of the primary device and enter 4 for Device console.
  2. Enter the following command: system ha show details

HA device status

Active

  • The primary firewall is an active device in both active-active and active-passive HA.
  • In active-active HA, the auxiliary firewall is an active device along with the primary.

Passive

In active-passive HA, the auxiliary acts as the passive device. It doesn't process traffic when it's in passive status. When the primary device becomes unavailable, the passive device becomes active and takes over as the primary device.

Faulty

If an HA device becomes unavailable, it shows Faulty status.

Standalone

When an HA device becomes unavailable, its peer becomes a Standalone device.

HA actions

You can manually synchronize the devices, switch to the passive device, and disable HA.

HA status panel.

Manually synchronize

Automatic synchronization ensures that the primary device configurations are synchronized with the auxiliary device.

You can use manual synchronization to troubleshoot an HA issue related to synchronization. It ensures that the auxiliary device performs a full synchronization, including the database and all related files, which only occurs during a restart.

To manually synchronize the devices, click Sync auxiliary device on the primary or auxiliary devices.

  • The auxiliary device restarts, performs a full synchronization, and remains the auxiliary device.
  • Logs and reports aren't synchronized. They remain independently on each device.
  • The firewall drops all masqueraded connections.

Switch the device status

In active-passive HA, to force the auxiliary device to take over as the primary device, take one of the following actions:

  • Click Switch to passive device on the current primary device.
  • Click Switch to active device on the current auxiliary device.

Disable HA

We recommend that you disable HA from the primary device. See Disable HA.