![]() ![]() ![]() Also, objects residing in the quarantine are also synchronized and are still available after a takeover.Ĭluster (active-active): (Not available with BasicGuard subscription.) To cope with the rising demand of processing large volumes of Internet traffic in real time, Sophos UTM features a clustering functionality that can be employed to distribute processing-intensive tasks such as content filtering, virus scanning, intrusion prevention, or decryption equally among multiple cluster nodes. ![]() This means that road warriors as well as remote VPN gateways do not need to re-establish IPsec tunnels after the takeover. In addition to firewall connection synchronization, the gateway also provides IPsec tunnel synchronization. One of the major improvements introduced in Sophos UTM Software 9 is that the latency for a takeover could be reduced to less than two seconds. Hot Standby (active-passive): Sophos UTM features a hot standby high availability concept consisting of two nodes, which is the minimum required to provide redundancy. This function will make sure that those devices will automatically be added to the hot standby system/cluster whose high availability operation mode is set to Automatic Configuration. The prerequisite, however, for this feature to work is that the option Enable Automatic Configuration of New Devices is enabled on the master system. For the high availability operation mode will change to Hot Standby or Cluster as soon as a device with Automatic Configuration selected joins a hot standby system or cluster, respectively. For that reason, Automatic Configuration can be considered a transition mode rather than a high availability operation mode in its own right. Using Sophos UTM Software, the Automatic Configuration option is to be used on dedicated slave systems to automatically join a master or already configured hot standby system/cluster. If the unlikely case should occur that the uptime is identical, the decision which device is becoming master will be made based on the MAC address. If you connect two Sophos UTM appliances through this dedicated interface, all devices will recognize each other and configure themselves automatically as an HA system-the device with the longer uptime becoming master. For example, you can only use two Sophos UTM 320 appliances to set up a HA system one Sophos UTM 220 unit on the one hand and one Sophos UTM 320 unit on the other hand cannot be combined. Note – For Automatic configuration to work, all Sophos UTM appliances must be of the same model. On appliances which only offer modular (removable) FlexiPort modules this feature is disabled by default but can be enabled on any preferred port (Sync NIC) as described further below. Note – Automatic configuration is only enabled by default on appliances with a fixed eth3 port. Simply connect the dedicated HA interfaces ( eth3) of your Sophos UTM appliances with one another, select Automatic configuration for all devices, and you are done. The high availability functionality of Sophos UTM covers four basic settings:Īutomatic configuration: Sophos UTM features a plug-and-play configuration option for Sophos UTM appliances that allows the setup of a hot standby system/cluster without requiring reconfiguration or manual installation of devices to be added to the cluster. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |