Palo Alto Firewall High Availability
1. Active – Standby
2. Active – Active
High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link
1. Hearth beats Hello Message
2. Link Monitoring
3. Path Monitoring
1. Same Model
2. Same PAN OS Version
I. Connect the HA ports to setup physical connection between the devices.
For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.
For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.
II. Enable HA, Group ID, Assign Mode, Enableconfig sync and assign peer address.
III. Configure Control Link(HA1) on Palo Alto Primary and Secondary
IP will be used on Peer address
You can also enable encryption to secure the communication between to peer.
IV. Configure Data Link (HA2)