• Hi everyone,

    i do not really understand what happens if the MASTER is going down and i have, let's say a webserver behind it. Can i reach the webserver with the same IP adress if the SLAVE is going to do the work? If yes, why do i need a second ip adress for the SLAVE?

    And do i have to configure the External (WAN) interface for the SLAVE manually or is the SLAVE automatically getting the information from the MASTER?

  • Hi,

    In the configuration described in this tutorial, the SLAVE would take over any operations being handled by the MASTER (Sophos automatically synchronizes all configuration). So, if you have a webserver on IP 01 being served by the MASTER, and something triggers a failover to the SLAVE, the SLAVE would takeover (same IP 01) and any other operations being handled by the MASTER.

    The reason you need at least two Public IPs is to enable the ProfitBricks "VLAN" on both (MASTER & SLAVE) WAN interfaces. That's why you would need two IPs with the same first 3 octets. After the cluster is enabled, those two IPs can be shared among the cluster (they can move from one VM to the other). Also, my understanding is that Sophos recommends having one IP for the Firewall/VPN/Portal portions of the appliance and a separate IP (or IPs) for other services such as web publishing. I believe the reason for this is to prevent some port overlaps. For example: the Sophos User Portal runs on port 443. This could have a conflict with other HTTPS sites you publish.

    Lastly, the SLAVE has to have some basic configuration in order to establish the cluster. At that point, the MASTER would then synchronize all configuration to the SLAVE and act as one.

    Hope this helps.


Log In, Add a Comment