Most users with a PA5000 in Active-Active HA are running these mutli-datacenter. Can someone explain how traffic over HA links would synchronize sessions if the connections are at 10G. We basically notice downtime when the appliances go down for perceivably all sessions. Does anyone know what sessions are synchronized, is there a way to prioritize or something?
There are only 3 HA interfaces. For Active-Active the design must accomodate steering of traffic to the new device from the network, not the firewall. The sessions will not be synchronized over the Gigabit connection provided for synchronization. The firewall can only handle the traffic it is given, anymore and it will drop packets.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!