05-14-2012 10:18 AM
I'm working for a new company building out several new data centers. They got a jump on getting things up and running before hiring their own resource and had a consultant setup a couple of pairs of PA-2050s. They are active/passive. The consultant set up the HA interfaces with no IP addresses. Is this an OK configuration? They seem happy, but every guide I've looked at - and the training I attended - all show addresses on the interfaces. Are there any drawbacks to not having addresses on the interfaces?
05-14-2012 11:33 PM
I guess it should work if the boxes are directly connected to each other (only using a single tp-cable for each HA interface).
However I cant find anything about that this would be optional according to the PA-4.1_Administrators_Guide.pdf
It rather states that (in HA settings):
* Peer HA IP Address—Enter the IP address of the HA1 interface that is specified
in the Control Link section of the other firewall.
* Backup Peer HA IP Address—Enter the IP address of a backup peer HA firewall.
Enter the IP address for the peer’s backup control link.
But at the same time the screenshot at page 70 shows 2 HA-interfaces configured at dataplane without ip addresses set (at least not shown in the GUI which the screenshot displays).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!