How to Configure Basic Layer 3 HA for Palo Alto Network Devices - External Cluster
11211
Created On 09/25/18 18:02 PM - Last Modified 06/08/23 22:29 PM
Resolution
Steps:
Basic L3 and HA configuration steps for Palo Alto Networks devices – External cluster.
- Configure multiple interfaces for L3 mode; create a zone for each L3 interface.
- Create a virtual router then add the L3 interfaces from step 1.
- Add NAT rules to translate either incoming or outgoing traffic.
- Add security policy to allow traffic and apply predefined profiles.
- Verify outbound and inbound traffic.
- Configure the HA parameters.
- Plug in the HA1 and HA2 connections.
- Bring up the second device (do not plug in in-band Ethernet interfaces.)
- Configure the HA parameters.
- Verify the HA status on the first device (prompt shows active.).
- Verify the HA status on the second device (prompt shows passive.).
- Verify that the HA configuration has been synced from active device to the passive device.
- Connect the in-band ports on the second device.Test HA fail-over.
owner: panagent