Active/passive HA on PA5020

Reply
L2 Linker

Active/passive HA on PA5020

I am using this link https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-High-Availability-on-PA... to try to configure active/standby HA on my 5020 and I am confused about the ports (control links (CL) ha1, CL ha1 backup, data link (DL) ha2, and DL ha2 backup) and the assigned IP addresses. Why do I need to use management for CL ha1? Do I need to assign an IP address for DL ha2? I am trying to search for a tutorial for the HA on the 5020 but could not find it. Any feedback will be greatly appreciated. Thanks

I configured as below but I am not sure about the management CL ha1. My management has 192.168.1.1/24.

 

Capture.JPGpic

L7 Applicator

Re: Active/passive HA on PA5020

@jac101,

Use this article and you should be able to get a little bit further. 

1 - You don't need to configure either the HA1 Backup or the HA2 Backup ports if you don't want to; these are simply going to be utilized if the Control Link or the Data Link goes down. 

2 - The interfaces need IP addresses however if you are directly connecting them then you really don't have to worry about what you set them to as the traffic obviously won't be routed. I would use something that at least falls within the RFC though and not what you have displayed, regardless of the traffic potentially not routing. 

3 - You should be able to configure one of your other ports as a high-availability port and not use the management interface if you don't want to do that. 

L2 Linker

Re: Active/passive HA on PA5020

So if I take the management interface as my CL ha1 as backup then the IP address has to be in the same subnet as my managmenmt interface IP address. Correct?

L4 Transporter

Re: Active/passive HA on PA5020

Don't se why it has to be in the same subnet as the actual management interface address, so long as the two MGMT are on the same L2 Vlan and no routing is going on.

 

Give them one each of the IP's out of a /30 .

 

Rob

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!