Palo Alto Firewall High Availability

Palo Alto Firewall High Availability

1. Active – Standby
2. Active – Active

High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link

1. Hearth beats Hello Message
2. Link Monitoring
3. Path Monitoring

1. Same Model
2. Same PAN OS Version

I. Connect the HA ports to setup physical connection between the devices.

For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.

For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.

II. Enable HA, Group ID, Assign Mode, Enableconfig sync and assign peer address.

III. Configure Control Link(HA1) on Palo Alto Primary and Secondary


IP will be used on Peer address



You can also enable encryption to secure the communication between to peer.

IV. Configure Data Link (HA2)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s