Panorama in HA

angel.camacho — Wed, 15 Feb 2012 07:34:19 GMT

Hi there!

I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about, but i could not find anything.

Thanks in advance!

Angel.

Re: Panorama in HA

angel.camacho — Wed, 15 Feb 2012 07:45:46 GMT

found-->

(admin guide) 🙂

Configuring HA



Panorama > High Availability

To support HA for Panorama, you can configure two Panorama devices to provide synchronized

connections to the managed firewalls. One Panorama device is designated as active and the other as

passive. If the active Panorama device becomes unavailable, the passive server takes over temporarily.

If preemption is enabled and the active device becomes available again, the passive device relinquishes

control and returns to the passive state.

HA for Panorama also involves the assignment of a primary device and secondary device for logging

purposes.

You can configure Panorama to use the same log external storage facility for the primary and secondary

devices (Network File System or NFS option) or configure logging internally. If the NFS option is

enabled, then during normal operations only the primary device receives the logs that are sent from the

managed firewalls. If local logging is enabled, then by default logs are sent to the primary and

secondary devices.

Configure the followings settings to enable HA on Panorama.

Note:

not backward compatible with Release 3.1 or earlier.
HA is supported only for managed devices running Release 4.0 or later. It is
Note:
functionality.
HA requires two Panorama licenses and unique serial numbers for
Table 130. Panorama HA Settings
Field Description
Setup
Enable HA Select the check box to enable HA.
Peer HA IP Address Enter the IP address of the HA1 interface that is specified in the Control Link section
of the other firewall.
Enable Encryption Select the check box to enable encryption for the synchronization link between the
active and passive Panorama devices.
Note:

49160 when encryption is not enabled.
HA connectivity uses TCP port 28 with encryption enabled and 28769 and
Monitor Hold Time
(ms)
Enter the length of time (ms) that the system will wait before acting on the control
link failure (1000-60000 ms, default 3000 ms).

topic Re: Panorama in HA in General Topics

Panorama in HA

Re: Panorama in HA