You can set up Sophos Firewall as an active-active or active-passive cluster using the QuickHA or interactive configuration modes.
Before you configure HA, see the Prerequisites.
How to configure active-passive HA using QuickHA configuration.
How to configure active-active HA using QuickHA configuration.
How to configure active-passive HA using interactive configuration.
How to configure active-active HA using interactive configuration.
You can deploy Sophos Firewall as a virtual machine in Microsoft Azure as part of a virtual active-active cluster. Traffic will be load-balanced between each firewall, but other HA features such as failover aren't available.
To configure Sophos Firewall on Azure, see Manually configure load-balancing in Azure.
You can configure the HA cluster in active-passive or active-active modes.
|Active-passive||When the primary firewall fails, the auxiliary firewall automatically takes over traffic processing, preventing downtime.|
|Active-active||In active-active mode, both the primary and auxiliary firewalls process traffic. The primary firewall receives all network traffic and load-balances the traffic using the auxiliary firewall to handle some traffic processing. If the primary firewall fails, the auxiliary firewall takes over all network traffic processing.|
You can configure high availability in two ways, depending on the amount of customization you require in the configuration. These options are as follows:
- QuickHA. For ease of configuration, we recommend using this mode.
|QuickHA||QuickHA provides a way to easily set up Sophos Firewall as a high-availability system with the minimum configuration steps by automatically selecting default configuration values. |
Once HA is configured and enabled with QuickHA, you can configure advanced HA options. Examples: monitoring port, keep-alive timer, and failback to primary settings.
|Interactive||Interactive mode allows you more control over the HA settings. In this mode, you can choose parameters that QuickHA would otherwise select automatically, such as assigned virtual MAC address and peer administration settings. |
In this mode, you configure the auxiliary firewall first, followed by the primary.
See Manage HA.