What is the best way to set up a heartbeat connection between and active and passive pair of firewall. We currently have a PA 5050 pair, in different buidling quite a distance away from one another and the heartbeat connection is through the network via ethernet and a switch. We have had it go into a split brain situation when power is lost on one the switches connecting the heartbeat through the network
Not sure if i fully understand but if a switch goes down that one of the devices is connected to then yes you will get SB, but as the connected device is down via the switch then traffic should auto route via the active one...
if you are saying that only the HA link has gone down then perhaps you should look at HA backup via management port.
You mean setting up HA backup under device--->HA--->general----)election--->backup. I checked and it already configured. The tough part is that the PA's are in different building and one switch out and I have split brain. It happened a couple times this month, so I was hoping to connect the via fiber and not switches but it appears I would not be able to use the dedicated HA port I would have to use one of my other spf ports and configure it for HA
Yes you would have to use another SFP port. The benefit of this however is if you do a direct connection you don't have to worry about a switch going down and causing any issues; as the device itself would still be able to communicate. You'd just want to configure Link/Path monitoring and ensure that if you ever lost important interfaces HA would actually trigger and failover appropriately.
That seems alot better than what I have now. I would be curious to know if anyone has already tried what I am considering and how it worked out for them, I can't be the only one that has the primary in a different building than the secondary. Support said the recommended configuration is to connect them using a serial cable.
This is the exact configuration that most of my HA clusters are using unless they are physically in a datacenter sitting next to eachother. Works perfectly fine.
So just configure the new ports as HA, plug in in and it pretty much the same as the one that come already dedicated on the box. All the configuration is the same through the software? Support made it sound like it was unusual LOL. But I can't keep going into split brain everytime there is a power clitch
Once you have the interface configured litteraly everything else is the exact same. The only thing that I would really say changes is that you really do need to configure Link and Path monitoring, although those should already be configured.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!