This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA configuration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

HA configuration

evaristov
Not applicable

‎08-03-2011 10:11 AM

I just want to check if this configuration of HA active/active is possible on PANOS 4.0.x having single router as gateway and a core switch to connect to internal LAN. From what I have seen in the HA active/active configuration, seems like router and switches are also configured as HA. If this is possible, please help me understand how to configure PA using this setup.

Preview file
13 KB
0 Likes Likes
2 REPLIES 2

bryan
L3 Networker

‎08-04-2011 07:46 AM

Hello,


Typically with this type of configuration, there would also be a switch between the trust interface of the Router & untrust interfaces of the FW's (Allowing both PA's to share the Single trust L3 interface of the Router). This could also be accomplished by creating a private (non-routable) vlan on your core switch solely for the edge devices to communicate. (assuming you do not have additional hardware to deploy). Either option (despite having FW redundancy) would still be subject to single points of failure with the upstream/downstream devices.

As far as configuration assistance, we can refer you to documentation posted on Knowledgepoint:

https://live.paloaltonetworks.com/docs/DOC-1756

Any type of design related questions/validation, etc... would typically require engaging your SE.

Regards,

Bryan

evaristov
Not applicable
In response to bryan

‎08-04-2011 07:57 AM

Hi Bryan,

Thank you very much for the input on this one, just what I thought, it should be possible.

This is just an inquiry out of an idea, thus I felt this is the best channel to consult, as there maybe other folks out there who might have done this or interested in doing the same.

Nonetheless, I appreciate all the help and thanks for looking at this.

0 Likes Likes
  • 3025 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks