The first step seems a bit contradictory, just looking for some clarification. I have 2x5220s that I am setting up in HA Active-Passive mode. To cable the dedicated interfaces it looks like I just use regular ethernet cables, but the second sentence "Use a crossover cable if the peers are directly connected to each other." seems to contradict the first sentence. Can anyone explain when crossover cables would be used?
Step 1 >>
Connect the HA ports to set up a physical connection between the firewalls.
Solved! Go to Solution.
Some networks that are setup across multiple different buildings will utilize intermediate connections to connect the HA ports, and therefore the device is not actually directly connected to eachother. In this case you would use a normal patch cable.
If your Active/Passive units are going to be located in the same area, and they are going to be directly connected to each other (cable from HA1 on Active to HA1 on Passive), it is recommended to use a crossover cable.
Most networks that are actually dispursed between buildings are unlikely to use the ethernet HA ports however, instead they would setup SFP ports to simply utilize a direct fiber connection between firewalls.
@OtakarKlier is very much right, and why I put recommended in italics. Crossover cables are quickly becoming something that nobody actually uses anymore, and outside of a couple really old routers I've come across I can't recall the last time I've truthfully ran across a device that fully required a crossover cable be used.
Thank you all for the replies. I will use straight cables and see how it goes. I haven't used crossover cables since the days of hubs...and once switches and Auto-MDI/MDIX capabilities came along I never used a crossover cable unless it was required. It caught me a little off-guard when I saw that listed in the steps.
Yes that is exactly what we need is to have them connected by fiber and not through switches etc that when they loose power have cause a split brain condition on my network since there are located in different buildings. We discovered this when we had a power outage in the building where the active PA was located and they were both passing traffic cause they couldn't talk to the there HA partner and both thought the other was down.
I have question.
For PA-5220, is it better to use HA cable as 1G UTP? Or is it better to use 10G UTP? As far as I know, using 1G UTP does not seem to be a problem. Could you give me an answer? Thank you.
I have been using 1G UTP and it's working. No synchronization issues or anything like that, but it depends on your setup. Make sure to read the posts in this thread and the configuration guide and if you're still not sure consult with tech. support or your sales SE.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!