Palo Alto Firewall High Availability

Modes:
1. Active – Standby
2. Active – Active

High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link

Triggers:
1. Heartbeats and Hello messages
2. Link Monitoring
3. Path Monitoring

Pre-requisite:
1. Same Model
2. Same PAN-OS Version

Configuration

I. Connect the HA ports to setup physical connection between the devices.

For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.

For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.

II. Enable HA, set the Group ID, assign the mode, enable config sync and assign the peer address.

III. Configure the Control Link (HA1) on the Palo Alto Primary and Secondary

PA1

This IP will be used as the peer address.

PA2

You can also enable encryption to secure the communication between the two peers.

IV. Configure Data Link (HA2)

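A consistency check for the settings covered in the prerequisites and steps II and III, as an added example that is not part of the original post: it compares two peers' HA settings and reports mismatches before the pair is brought up. The dictionary keys and all sample values are constructed for illustration and are not PAN-OS configuration names.

```python
from ipaddress import ip_address

# Constructed sample settings; the dictionary keys are hypothetical names,
# not PAN-OS configuration paths.
PA1 = {"name": "PA1", "model": "PA-VM", "panos_version": "10.1.0",
       "group_id": 1, "mode": "active-standby", "config_sync": True,
       "ha1_ip": "192.0.2.1", "peer_ip": "192.0.2.2", "ha1_encryption": True}
PA2 = {"name": "PA2", "model": "PA-VM", "panos_version": "10.1.0",
       "group_id": 1, "mode": "active-standby", "config_sync": True,
       "ha1_ip": "192.0.2.2", "peer_ip": "192.0.2.1", "ha1_encryption": True}
# PA2 as it might look after two mistakes: older PAN-OS, wrong peer address.
PA2_BAD = dict(PA2, panos_version="10.0.4", peer_ip="192.0.2.10")


def check_ha_pair(a, b):
    """Compare two peers' HA settings and return a list of findings."""
    findings = []
    # Pre-requisites (same model, same PAN-OS version) and the settings
    # from step II that both peers have to agree on.
    for key in ("model", "panos_version", "group_id", "mode"):
        if a[key] != b[key]:
            findings.append(f"{key} differs: {a[key]} vs {b[key]}")
    # Step III: the HA1 IP of one firewall is the peer address of the other.
    for local, remote in ((a, b), (b, a)):
        if ip_address(local["peer_ip"]) != ip_address(remote["ha1_ip"]):
            findings.append(f"{local['name']} peer address {local['peer_ip']} "
                            f"is not {remote['name']} HA1 IP {remote['ha1_ip']}")
    if ip_address(a["ha1_ip"]) == ip_address(b["ha1_ip"]):
        findings.append("both peers use the same HA1 IP")
    # Config sync and HA1 encryption should be set the same way on both.
    for key in ("config_sync", "ha1_encryption"):
        if a[key] != b[key]:
            findings.append(f"{key} is enabled on only one peer")
        elif not a[key]:
            findings.append(f"{key} is disabled on both peers")
    return findings


if __name__ == "__main__":
    for peer in (PA2, PA2_BAD):
        result = check_ha_pair(PA1, peer)
        print("OK" if not result else "\n".join(result))
```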
