HA active/passive with single HA port ?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

HA active/passive with single HA port ?

hi,

i have two PA500 appliances am looking to configure them on HA mode , with my current setup i have utilized all 7 ports so one port left for me , as per the documents for HA ( A/A , A/P ) you need 3 or 2 ports to achieve the configuration... so is there a way to achieve HA ( A/P ) with single HA port ? because if not i have to re-setup the appliance to free up two ports for HA :smileygrin:


Accepted Solutions
Highlighted
L4 Transporter

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

View solution in original post


All Replies
Highlighted
L4 Transporter

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

View solution in original post

Highlighted
L6 Presenter

We do not support having 1 HA port to handle HA1, HA2, and/or HA3.  You need a dedicated Eth port for each HA link.  You may want to try the consolidation method as suggested by umphmharding.

Thanks.

Highlighted
Not applicable

Have you successfully implemented this at your site or with any customers?  I could see this as an option for some of my customers who run PA-500s.

Thanks,

Jared

Highlighted
L4 Transporter

Just running HA1 or the VLAN part?

We ran with just one HA port during testing on our PA-2050s for a day way back on PAN-OS 2.1.5 or 2.1.4. I think there's been a lot of changes since then. :smileyhappy:

Highlighted
L6 Presenter

Yes, HA is supported for the PA500 and we have customers using it.  Just to be clear, you have to use 1 Eth port for each HA link.

Highlighted
L3 Networker

what if i created a subinterfaces or it requires physical dedicated interfaces , am thinink to create a vlan on the switch for HA sessions create subinterfaces from single interface tag them with vlan id ?

Highlighted
L4 Transporter

The HA interfaces aren't L2 or L3 interfaces, they're special to the PAN. They'll have to be dedicated ports.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!