06-03-2016 05:54 AM
How do I add firewalls in active and standby mode in panoroma if both active and stanby firewalls have same interface defined
. In this case ethernet1/21 and ethernet1/22
06-03-2016 07:03 AM
Hi Kirit
Are you encountering an issue or error message ?
There should not be an issue with adding both devices to panorama with both having the same interfaces, as this is a requirement for a HA pair
06-03-2016 10:09 AM
How does HA work in palo alto? Does it use vrrp? We want to use active/passive config but we want to assign different physical ips to each interface on active and passive firewall?
06-03-2016 10:21 AM
Regardless of the HA mode used (A/A or A/P), each firewall retains it's unique/dedicated out-of-band management IP address. The differences between the two are more apparent on the firewall/dataplane interfaces:
Active/Passive:
- The Mac/IP Addresses for the dataplane interfaces are owned by the active firewall. Nothing is present on the passive firewall (except for it's dedicated/oob management port). In the event of a failover, the Mac/IP addresses float from the previously-active unit to the new active unit.
Active/Active:
- Is more complicated. Can be configured where no IP addressing is shared between firewalls, or can be configured with some shared addressing along with some dedicated addressing.
Generally speaking, I would recommend Active/Passive high-availability unless your network design has the possibility of asymmetric routing (ie: packet leaves firewall 1 via ISP1 and returns via ISP2 through firewall2).
Do you want each firewall to have a unique IP address just for management purposes, or is it to accomodate the network architecture north/south of the firewalls?
03-09-2024 02:09 PM
Dear friends ,
I am going to configure 1 Palo alto 5250 firewall, the physicals connection is as attached below
kindly i need support for this the way to configure on Firewall side
the down link peer device is Master / standby core switch and upper link is ISP
my question is i already added one interface from fw to Master switch and bend ip informion but how i add another interface and connect to standby switch , the way to assign ip on another interface
03-11-2024 02:48 AM
mayby Aggregate Interface will help
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
