Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-14-2012 06:21 PM
Hi
About HSRP v1 support.
Is PAN-OS HSRP v1 supporting?
Is support HSRP v2 and VRRP?
Thanks.
06-18-2012 01:52 AM
HSRP and VRRP are not supported on Palo Alto Firewalls.
There is a better option to configure High Availability which ensures stateful redundancy between the Firewalls.
When the two firewalls are configured in High Availability Active-Passive:
•The active device continuously synchronizes its configuration and session information with the passive over two dedicated interfaces.
•In the event of a hardware or software disruption on the active firewall, the passive firewall becomes active automatically without loss of service.
Regards,
AK
06-18-2012 12:40 AM
Can you explain in more detail your question? Hsrp is a Cisco System proprietary protocol, what do you mean for Pan-Os support hsrp?
06-18-2012 01:52 AM
HSRP and VRRP are not supported on Palo Alto Firewalls.
There is a better option to configure High Availability which ensures stateful redundancy between the Firewalls.
When the two firewalls are configured in High Availability Active-Passive:
•The active device continuously synchronizes its configuration and session information with the passive over two dedicated interfaces.
•In the event of a hardware or software disruption on the active firewall, the passive firewall becomes active automatically without loss of service.
Regards,
AK
06-20-2012 11:51 PM
sorry
I use Cisco ASR HSRP v1.
Cisco ASR connect to L2sw .
L2SW connect to PA.
my Test configuration is following.
[Cisco ASR (HSRPv1)] ---[L2SW]---[PA]
When HSRP failover went, sometimes do not failover HSRP.
(about 1/4)
but, if VRRP and HSRPv2 does not occur.
There is an article as follows.
https://live.paloaltonetworks.com/docs/DOC-2366
I've read above.
It is written "Cisco device is upgrade HSRP V2"
If do not work, upgrade to HSRPv2?.
I think HSRPv1 not support.
Please let me know that it supports.
Thanks.
06-21-2012 01:17 AM
Hi, the ASR is configured in HSRP with another ASR, or with the L2SW? I don't understand. The HSRP is between two device interconnected by a PA fw?
ASR------>L2SW----->PA------>ASR ?
OR
PA
/ \
L2SW
/ \
ASR1 ASR2
Let me know.
06-21-2012 02:52 AM
Configration is following
ASR(HSRP:act)------ASR(HSRP:standby)
| |
| |
L2SW---------------------L2SW
(Link Agg)
---------------------
| |
| |
| |
PA(act)-------------PA(standby)
06-21-2012 04:00 AM
So when there is the switch active to standby the pa doesn't receive the new arp from the same ip. There is a vlan configured with hsrp between ASR that connect the ip of the ASR to PA with a default route vs the PA? The PA are connected to L2SW with interface in access L3 mode, or L2 mode?
When the ASR active goes down, the secondary ASR become active, but you haven't connectivity?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
