Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

About HSRP v1 support.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

About HSRP v1 support.

Not applicable

Hi

About HSRP v1 support.
Is PAN-OS HSRP v1 supporting?

Is support HSRP v2 and VRRP?

Thanks.

1 accepted solution

Accepted Solutions

L5 Sessionator

HSRP and VRRP are not supported on Palo Alto Firewalls.

There  is a better option to configure High Availability which ensures stateful  redundancy between the Firewalls.

When the two firewalls are configured in High Availability Active-Passive:

•The active device continuously synchronizes its configuration and session information with the passive over two dedicated interfaces.

•In the event of a hardware or software disruption on the active firewall, the passive firewall becomes active automatically without loss of service.


Regards,

AK

View solution in original post

6 REPLIES 6

Not applicable

Can you explain in more detail your question? Hsrp is a Cisco System proprietary protocol, what do you mean for Pan-Os support hsrp?

L5 Sessionator

HSRP and VRRP are not supported on Palo Alto Firewalls.

There  is a better option to configure High Availability which ensures stateful  redundancy between the Firewalls.

When the two firewalls are configured in High Availability Active-Passive:

•The active device continuously synchronizes its configuration and session information with the passive over two dedicated interfaces.

•In the event of a hardware or software disruption on the active firewall, the passive firewall becomes active automatically without loss of service.


Regards,

AK

sorry

I use Cisco ASR HSRP v1.

Cisco ASR connect to L2sw .

L2SW  connect to PA.

my Test configuration is following.

[Cisco ASR (HSRPv1)] ---[L2SW]---[PA]

When HSRP failover went, sometimes do not  failover HSRP.

(about 1/4)

but, if VRRP and HSRPv2 does not occur.

There is an article as follows.

https://live.paloaltonetworks.com/docs/DOC-2366

I've read above.

It is written "Cisco device is upgrade HSRP V2"

If do not work, upgrade to HSRPv2?.

I think HSRPv1 not support.

Please let me know that it supports.

Thanks.

Hi, the ASR is configured in HSRP with another ASR, or with the L2SW? I don't understand. The HSRP is between two device interconnected by a PA fw?

ASR------>L2SW----->PA------>ASR ?

OR

        PA

        /    \

      L2SW

     /          \

ASR1       ASR2

Let me know.

Configration is following

ASR(HSRP:act)------ASR(HSRP:standby)

   |                      |

   |                      |

L2SW---------------------L2SW

           (Link Agg)     

    ---------------------

   |                      |

   |                      |

   |                      |

PA(act)-------------PA(standby)  

So when there is the switch active to standby the pa doesn't receive the new arp from the same ip. There is a vlan configured with hsrp between ASR that connect the ip of the ASR to PA with a default route vs the PA? The PA are connected to L2SW with interface in access L3 mode, or L2 mode?

When the ASR active goes down, the secondary ASR become active, but you haven't connectivity?

  • 1 accepted solution
  • 7727 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!