HSCI Port

cancel
Showing results for 
Search instead for 
Did you mean: 

HSCI Port

L4 Transporter

Hi,

 

I finally received my pair of 3250s and noticed there is the HSCI port used for HA.  I didn't realize this before purchasing, so I do not have the cable.  Is there a reason why I can't just dedicate an interface for HA to use for HA2?  

 

In case it matters, these firewalls will be located on internet edge. 

1 ACCEPTED SOLUTION

Accepted Solutions

L5 Sessionator

Good question!  How do you size the HA2 links?  I haven't seen any documentation on this, but I ran into this video on YouTube -> https://www.youtube.com/watch?v=4hFQypgOAGk.  Go to 1:15:47.

 

If my math is correct, the PA-3250 supports 63,700 connections per second which requires 122 Mbps over Ethernet.  In this table, I would populate the IP and UDP headers if used.  The Bytes per Connection is the total of the indented rows.  The Total Bits per Second = row1*row2*row7.

 

Connections per Second        63,700
Bytes per Connection                  238
     Session Sync Bytes                220
     Ethernet Header/FCS               18
     IP header (20)                             0
     UDP Header (8)                          0
Bits per Byte                                   8
Total Bits per Second    121,284,800

 

So, GE or higher is plenty, assuming the bytes per connection in the video is correct.

Help the community: Like helpful comments and mark solutions.

View solution in original post

6 REPLIES 6

L1 Bithead

Hey Ce1028,

we have our 3250's on the edge configured with one of the ethernet ports for HA2 instead of the HSCI ports and have not had issues during our failovers.

I am not sure if there are any cons to this setup that someone else can speak to, besides losing one of our available ethernet ports, but we have had no issues. 

L5 Sessionator

Good question!  How do you size the HA2 links?  I haven't seen any documentation on this, but I ran into this video on YouTube -> https://www.youtube.com/watch?v=4hFQypgOAGk.  Go to 1:15:47.

 

If my math is correct, the PA-3250 supports 63,700 connections per second which requires 122 Mbps over Ethernet.  In this table, I would populate the IP and UDP headers if used.  The Bytes per Connection is the total of the indented rows.  The Total Bits per Second = row1*row2*row7.

 

Connections per Second        63,700
Bytes per Connection                  238
     Session Sync Bytes                220
     Ethernet Header/FCS               18
     IP header (20)                             0
     UDP Header (8)                          0
Bits per Byte                                   8
Total Bits per Second    121,284,800

 

So, GE or higher is plenty, assuming the bytes per connection in the video is correct.

Help the community: Like helpful comments and mark solutions.

Cyber Elite
Cyber Elite

Hello,

Yeah my sales team got an earful with our purchase, but we knew ahead of time, luckily. I also asked them to just include the cable since we already paid so much for the devices. Oh well, we did the same and just used 10GB gbics for ours. I preferred the legacy rj45, but I know it wont work in every case.

 

Regards,

L4 Transporter

@OtakarKlier @sellington @TomYoung appreciate your responses. 

 

For the price, they should be including the cable for sure.

 

Interesting video. I won't have even half the maximum session/second that the fw supports, so my assumption is just using a 1GB port should be more than adequate. I am using 1GB port on current 3050. I wouldn't want to risk running into any problems though. Decisions decisions

Exactly!  I think you should be fine.  The video guy was a PANW engineer.  The data is probably accurate.

Help the community: Like helpful comments and mark solutions.

Thanks @TomYoung 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!