Answers to the most frequently asked questions covering licensing, Flexi port modules, feature, and hard support.
Sophos Firewall Xg 210
Sophos XG 210 Rev. 3 (XG21T3HEUK) Die Sophos XG 210 Hardware Firewall basiert auf modernster Intel-Technologie und ist mit 6 GbE-Kupferports, 2 GbE SFPGlasfaserports sowie einem FleXi-Port-Steckplatz zur Konfiguration mit einem optionalen Modul ausgestattet. Sophos XG Firewall – The next thing in next-gen XG Firewall is optimized for today’s business, delivering all the protection and insights. XG 210 2 1U 6/1 (14. Sophos XG 210 & Fortinet Fortigate FG-100E is good for branch and small office. Let check the different between 2 devices as table below. Sophos XG 210 with higher firewall throughput as 16 Gbps. Fortigate has multi Ethernet fixed port, but have 2 WAN ports, while Sophos XG 210 can add up to 6 WAN ports. Sophos XG Firewall takes an innovative approach across all areas of network security. From the way firewalls are managed, to the way they report information and how they work with other security systems around them, giving you an unprecedented level of simplicity, insight, and advanced threat protection.With an interface designed to eliminate unnecessary complexity, it enables you to use the.
Which licenses do I need when I have two devices in high-availability mode?
For active-active mode:
- Each device requires its own subscriptions, and the active subscriptions must match on both devices.
- Zero-day protection doesn't affect the HA setup regardless of the expiry date on each device.
For active-passive mode:
- Only the active device requires a license subscription. Sophos Firewall ensures the passive device has a copy of those subscriptions, so it can take on processing if the active device fails.
It’s therefore vital that the subscriptions are activated on the intended active device. You must ensure that HA is turned on only from the device which has a valid subscription.
- If a software or virtual device is used, you need to purchase only one base license, and once that serial number is registered, Sophos Firewall will manage the creation of the passive device. There’s no need to purchase a separate base firewall license for the passive device or a separate serial number.
- The firewall that carries the license subscription must be configured as the primary node in the HA initial setup.
Is the synchronized application control feature supported in active-active mode?
No.
Is it possible to establish an HA pair between XG 210 and an SG 210?
No. XG 210 can only connect to another XG 210 in HA. An XG 230 or even an SG 210 can't be used.
What happens if I manually synchronize the HA?
If you manually synchronize any of the HA cluster devices, the firewall drops all the masqueraded connections.
What happens if I restore a backup without HA configuration after enabling HA?
If a backup without HA configuration is restored after configuring HA, then HA is disabled. The primary device is accessible according to the backup configuration. The auxiliary device is accessible with the auxiliary admin IP address.
Answers to the most frequently asked questions covering licensing, Flexi port modules, feature, and hard support.
Which licenses do I need when I have two devices in high-availability mode?
For active-active mode:
- Each device requires its own subscriptions, and the active subscriptions must match on both devices.
- Zero-day protection doesn't affect the HA setup regardless of the expiry date on each device.
For active-passive mode:
- Only the active device requires a license subscription. Sophos Firewall ensures the passive device has a copy of those subscriptions, so it can take on processing if the active device fails.
It’s therefore vital that the subscriptions are activated on the intended active device. You must ensure that HA is turned on only from the device which has a valid subscription.
- If a software or virtual device is used, you need to purchase only one base license, and once that serial number is registered, Sophos Firewall will manage the creation of the passive device. There’s no need to purchase a separate base firewall license for the passive device or a separate serial number.
- The firewall that carries the license subscription must be configured as the primary node in the HA initial setup.
Is the synchronized application control feature supported in active-active mode?
No.
Is it possible to establish an HA pair between XG 210 and an SG 210?
No. XG 210 can only connect to another XG 210 in HA. An XG 230 or even an SG 210 can't be used.
What happens if I manually synchronize the HA?
Sophos Xg Models
If you manually synchronize any of the HA cluster devices, the firewall drops all the masqueraded connections.
What happens if I restore a backup without HA configuration after enabling HA?
Sophos Xg 115
If a backup without HA configuration is restored after configuring HA, then HA is disabled. The primary device is accessible according to the backup configuration. The auxiliary device is accessible with the auxiliary admin IP address.