I am working on the following HA design -
As you can see above, each firewall will have two interfaces connected to Juniper routers on the inside and outside zones. The firewall peers will also be directly connected to each other for the HA links.
The plan is to use Active/Passive deployment and I am trying to figure out if this design can be achieved without any Layer 2 switches. The main question I have is around exchange of hello messages and link monitoring. How do the firewall peers exchnage these messages if there is no L2 switch in the topolocy? Is that done over HA links?
Would this design not work due to the missing L2 switch?
Solved! Go to Solution.
Link monitoring and path monitoring are about watching the connection status between the PA and the connected device. This is not about monitoring the status of the HA pair. This does not matter what the connected device is.
So when you configure link monitoring you are watching for the link status between the PA and the other device going link down.
Path monitoring is using the selected link to run the ping test and can detect failures upstream of the actual link failure. The link can be link up but not able to reach the internet for example because of failures beyond the link itself. But this is testing the path to the rest of the network or upstream and not the HA status of the two devices.
All exchanges of information between HA members if via the HA links.
The tests are run on the firewall connected to the link under test.
Hi. i have this issue:
i have in my PA active firewall several interfaces within link monitoring. i want to know which is the normal behavior if i config the same links on the passive firewall. my real question is: Do I must to configure the same link monitoring on both firewalls or just i need to configure this on the active firewall
i am so confused, your help and comments will be very apreciated
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!