11-17-2023 01:03 PM
I would like to know if anyone has changed HA from AA to AP and has configured floating IP in AA mode. How was the solution to bring it to the AP?
Thanks a lot.
11-19-2023 02:44 AM
Hi @For.Support ,
Active/Passive HA only needs 1 IP address per interface. When the active NGFW fails, the passive starts using the IP address. It also send a Gratuitous ARP for data plane interfaces. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLVICA4
It sends the GARP "to update L2 and ARP table of neighboring devices." In most instances, a virtual MAC is used for the IP addresses. So, ARP tables do not need to be updated. However, the switch will update its L2 table when it receives the Ethernet frame. In most instances, the same virtual MAC is used for non-data-plane IP addresses. So, the steps in the doc only apply to hypervisor assigned MAC addresses.
So, to migrate from A/A to A/P, configure the floating IP address on the interface. If you are not using the IP addresses currently on the interfaces (i.e., only using the floating IP address for routing or other functions), then you can replace them with the single IP address.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
