HA active/passive with single HA port ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA active/passive with single HA port ?

L3 Networker

hi,

i have two PA500 appliances am looking to configure them on HA mode , with my current setup i have utilized all 7 ports so one port left for me , as per the documents for HA ( A/A , A/P ) you need 3 or 2 ports to achieve the configuration... so is there a way to achieve HA ( A/P ) with single HA port ? because if not i have to re-setup the appliance to free up two ports for HA :smileygrin:

1 accepted solution

Accepted Solutions

L4 Transporter

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

View solution in original post

7 REPLIES 7

L4 Transporter

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

L6 Presenter

We do not support having 1 HA port to handle HA1, HA2, and/or HA3.  You need a dedicated Eth port for each HA link.  You may want to try the consolidation method as suggested by umphmharding.

Thanks.

Have you successfully implemented this at your site or with any customers?  I could see this as an option for some of my customers who run PA-500s.

Thanks,

Jared

Just running HA1 or the VLAN part?

We ran with just one HA port during testing on our PA-2050s for a day way back on PAN-OS 2.1.5 or 2.1.4. I think there's been a lot of changes since then. Smiley Happy

Yes, HA is supported for the PA500 and we have customers using it.  Just to be clear, you have to use 1 Eth port for each HA link.

L3 Networker

what if i created a subinterfaces or it requires physical dedicated interfaces , am thinink to create a vlan on the switch for HA sessions create subinterfaces from single interface tag them with vlan id ?

The HA interfaces aren't L2 or L3 interfaces, they're special to the PAN. They'll have to be dedicated ports.

  • 1 accepted solution
  • 3949 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!