PA-5220 HA Config Ethernet or Crossover Cables?

Reply
Highlighted
L2 Linker

PA-5220 HA Config Ethernet or Crossover Cables?

The first step seems a bit contradictory, just looking for some clarification. I have 2x5220s that I am setting up in HA Active-Passive mode. To cable the dedicated interfaces it looks like I just use regular ethernet cables, but the second sentence "Use a crossover cable if the peers are directly connected to each other." seems to contradict the first sentence. Can anyone explain when crossover cables would be used?

 

Step 1 >>

Connect the HA ports to set up a physical connection between the firewalls.

  • For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.
  • For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls.
Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.
Tags (1)
L7 Applicator

Re: PA-5220 HA Config Ethernet or Crossover Cables?

@mike406,

Some networks that are setup across multiple different buildings will utilize intermediate connections to connect the HA ports, and therefore the device is not actually directly connected to eachother. In this case you would use a normal patch cable.

 

If your Active/Passive units are going to be located in the same area, and they are going to be directly connected to each other (cable from HA1 on Active to HA1 on Passive), it is recommended to use a crossover cable. 

 

Most networks that are actually dispursed between buildings are unlikely to use the ethernet HA ports however, instead they would setup SFP ports to simply utilize a direct fiber connection between firewalls.  

 

 

L7 Applicator

Re: PA-5220 HA Config Ethernet or Crossover Cables?

Hello,

While it is recoomended, it is not required. I have two in HA and use straight through cables and it works just fine. Most modern swithces/routers/firewalls can detect and compensate for this.

 

Regards,

L7 Applicator

Re: PA-5220 HA Config Ethernet or Crossover Cables?

@OtakarKlier is very much right, and why I put recommended in italics. Crossover cables are quickly becoming something that nobody actually uses anymore, and outside of a couple really old routers I've come across I can't recall the last time I've truthfully ran across a device that fully required a crossover cable be used. 

L2 Linker

Re: PA-5220 HA Config Ethernet or Crossover Cables?

Thank you all for the replies. I will use straight cables and see how it goes. I haven't used crossover cables since the days of hubs...and once switches and Auto-MDI/MDIX capabilities came along I never used a crossover cable unless it was required. It caught me a little off-guard when I saw that listed in the steps.

 

Mike

L4 Transporter

Re: PA-5220 HA Config Ethernet or Crossover Cables?

Yes that is exactly what we need is to have them connected by fiber and not through switches etc that when they loose power have cause a split brain condition on my network since there are located in different buildings. We discovered this when we had a power outage in the building where the active PA was located and they were both passing traffic cause they couldn't talk to the there HA partner and both thought the other was down.

L0 Member

Re: PA-5220 HA Config Ethernet or Crossover Cables?

Hello

 

I have question.

 

For PA-5220, is it better to use HA cable as 1G UTP? Or is it better to use 10G UTP? As far as I know, using 1G UTP does not seem to be a problem. Could you give me an answer? Thank you.

L2 Linker

Re: PA-5220 HA Config Ethernet or Crossover Cables?

I have been using 1G UTP and it's working. No synchronization issues or anything like that, but it depends on your setup. Make sure to read the posts in this thread and the configuration guide and if you're still not sure consult with tech. support or your sales SE.

L7 Applicator

Re: PA-5220 HA Config Ethernet or Crossover Cables?

@KyungJinHan,

@mike406 is right. This works perfectly fine in some situations, and it would work really poorly in others. This depends on the utilization of the 5220 and ensuring that you don't find youself hitting saturdation on the links. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!