Panorama in HA

Reply
Highlighted
L1 Bithead

Panorama in HA

Hi there!

I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about, but i could not find anything.

Thanks in advance!

Angel.

L1 Bithead

Re: Panorama in HA

found-->

(admin guide) :-)

Configuring HA



Panorama > High Availability

To support HA for Panorama, you can configure two Panorama devices to provide synchronized

connections to the managed firewalls. One Panorama device is designated as active and the other as

passive. If the active Panorama device becomes unavailable, the passive server takes over temporarily.

If preemption is enabled and the active device becomes available again, the passive device relinquishes

control and returns to the passive state.

HA for Panorama also involves the assignment of a primary device and secondary device for logging

purposes.

You can configure Panorama to use the same log external storage facility for the primary and secondary

devices (Network File System or NFS option) or configure logging internally. If the NFS option is

enabled, then during normal operations only the primary device receives the logs that are sent from the

managed firewalls. If local logging is enabled, then by default logs are sent to the primary and

secondary devices.

Configure the followings settings to enable HA on Panorama.

Note:

not backward compatible with Release 3.1 or earlier.

HA is supported only for managed devices running Release 4.0 or later. It is

Note:

functionality.

HA requires two Panorama licenses and unique serial numbers for

Table 130. Panorama HA Settings

Field Description

Setup

Enable HA Select the check box to enable HA.

Peer HA IP Address Enter the IP address of the HA1 interface that is specified in the Control Link section

of the other firewall.

Enable Encryption Select the check box to enable encryption for the synchronization link between the

active and passive Panorama devices.

Note:

49160 when encryption is not enabled.

HA connectivity uses TCP port 28 with encryption enabled and 28769 and

Monitor Hold Time

(ms)

Enter the length of time (ms) that the system will wait before acting on the control

link failure (1000-60000 ms, default 3000 ms).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!