topic HA failover between two geo-separated firewall in General Topics https://live.paloaltonetworks.com/t5/general-topics/ha-failover-between-two-geo-separated-firewall/m-p/342165#M85786 <P>We are going to configure Active-Passive HA for PA3250. Primary and secondary device both at different locations , distance - 25 Kilometer.</P><P>Location A ( Primary FW) --- L2 switch -------------P2P link 60 Mbps-------------------------L2 Switch -------Location B ( Secondary FW)</P><P>For above scenario , can we use common P2P link for HA1 and HA2 ? We will use non-overlapping subnet for HA1 and HA2 connectivity .&nbsp;</P><P>Which HA timer setting need to check for heartbeat and ping ? How we can check ms or ping response between primary and secondary firewall for HA1 and HA2 interface?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 05 Aug 2020 08:52:18 GMT Deepak_K 2020-08-05T08:52:18Z HA failover between two geo-separated firewall https://live.paloaltonetworks.com/t5/general-topics/ha-failover-between-two-geo-separated-firewall/m-p/342165#M85786 <P>We are going to configure Active-Passive HA for PA3250. Primary and secondary device both at different locations , distance - 25 Kilometer.</P><P>Location A ( Primary FW) --- L2 switch -------------P2P link 60 Mbps-------------------------L2 Switch -------Location B ( Secondary FW)</P><P>For above scenario , can we use common P2P link for HA1 and HA2 ? We will use non-overlapping subnet for HA1 and HA2 connectivity .&nbsp;</P><P>Which HA timer setting need to check for heartbeat and ping ? How we can check ms or ping response between primary and secondary firewall for HA1 and HA2 interface?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 05 Aug 2020 08:52:18 GMT https://live.paloaltonetworks.com/t5/general-topics/ha-failover-between-two-geo-separated-firewall/m-p/342165#M85786 Deepak_K 2020-08-05T08:52:18Z Re: HA failover between two geo-separated firewall https://live.paloaltonetworks.com/t5/general-topics/ha-failover-between-two-geo-separated-firewall/m-p/342318#M85815 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62177">@Deepak_K</a>,</P> <P>I would really caution against doing this over a P2P link, which I assume would be wireless? The chance that something would take down that link and leave you in a split-brain scenario would be much too high for my liking. That being said, it would absolutely work from a functional aspect.&nbsp;</P> <P>&nbsp;</P> <P>This document will give you everything you could possibly want about failover optimizations, but the piece you'll want to look at is the HA Timer Configuration Considerations. Note, while this document is older, everything on it is still viable.&nbsp;</P> <P>&nbsp;</P> Wed, 05 Aug 2020 21:17:54 GMT https://live.paloaltonetworks.com/t5/general-topics/ha-failover-between-two-geo-separated-firewall/m-p/342318#M85815 BPry 2020-08-05T21:17:54Z