This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA active/passive with single HA port ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA active/passive with single HA port ?

Go to solution
LCMember4717
L3 Networker

‎12-19-2011 04:09 AM

hi,

i have two PA500 appliances am looking to configure them on HA mode , with my current setup i have utilized all 7 ports so one port left for me , as per the documents for HA ( A/A , A/P ) you need 3 or 2 ports to achieve the configuration... so is there a way to achieve HA ( A/P ) with single HA port ? because if not i have to re-setup the appliance to free up two ports for HA :smileygrin:

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
mharding
L4 Transporter

‎12-20-2011 07:09 AM

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

View solution in original post

0 Likes Likes
7 REPLIES 7

Go to solution
mharding
L4 Transporter

‎12-20-2011 07:09 AM

HA consists of two ports, the control (HA1) and the sessions (HA2). If you don't do HA2, all of the clients will have to restart their sessions if the box rolls. May or may not be a big deal.

You might be able to consolidate some of your interfaces with VLANs and trunk interfaces.

0 Likes Likes

Go to solution
rmonvon
L6 Presenter

‎12-20-2011 01:02 PM

We do not support having 1 HA port to handle HA1, HA2, and/or HA3.  You need a dedicated Eth port for each HA link.  You may want to try the consolidation method as suggested by umphmharding.

Thanks.

Go to solution
jdavis
Not applicable
In response to mharding

‎12-20-2011 01:41 PM

Have you successfully implemented this at your site or with any customers?  I could see this as an option for some of my customers who run PA-500s.

Thanks,

Jared

0 Likes Likes

Go to solution
mharding
L4 Transporter
In response to jdavis

‎12-20-2011 01:46 PM

Just running HA1 or the VLAN part?

We ran with just one HA port during testing on our PA-2050s for a day way back on PAN-OS 2.1.5 or 2.1.4. I think there's been a lot of changes since then. Smiley Happy

0 Likes Likes

Go to solution
rmonvon
L6 Presenter
In response to jdavis

‎12-20-2011 01:50 PM

Yes, HA is supported for the PA500 and we have customers using it.  Just to be clear, you have to use 1 Eth port for each HA link.

0 Likes Likes

Go to solution
LCMember4717
L3 Networker

‎12-20-2011 11:03 PM

what if i created a subinterfaces or it requires physical dedicated interfaces , am thinink to create a vlan on the switch for HA sessions create subinterfaces from single interface tag them with vlan id ?

0 Likes Likes

Go to solution
mharding
L4 Transporter
In response to LCMember4717

‎12-21-2011 05:59 AM

The HA interfaces aren't L2 or L3 interfaces, they're special to the PAN. They'll have to be dedicated ports.

0 Likes Likes
  • 1 accepted solution
  • 3941 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks