- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-19-2017 12:09 PM
The first step seems a bit contradictory, just looking for some clarification. I have 2x5220s that I am setting up in HA Active-Passive mode. To cable the dedicated interfaces it looks like I just use regular ethernet cables, but the second sentence "Use a crossover cable if the peers are directly connected to each other." seems to contradict the first sentence. Can anyone explain when crossover cables would be used?
Step 1 >>
Connect the HA ports to set up a physical connection between the firewalls.
12-19-2017 02:04 PM
Some networks that are setup across multiple different buildings will utilize intermediate connections to connect the HA ports, and therefore the device is not actually directly connected to eachother. In this case you would use a normal patch cable.
If your Active/Passive units are going to be located in the same area, and they are going to be directly connected to each other (cable from HA1 on Active to HA1 on Passive), it is recommended to use a crossover cable.
Most networks that are actually dispursed between buildings are unlikely to use the ethernet HA ports however, instead they would setup SFP ports to simply utilize a direct fiber connection between firewalls.
12-19-2017 02:07 PM
Hello,
While it is recoomended, it is not required. I have two in HA and use straight through cables and it works just fine. Most modern swithces/routers/firewalls can detect and compensate for this.
Regards,
12-19-2017 02:04 PM
Some networks that are setup across multiple different buildings will utilize intermediate connections to connect the HA ports, and therefore the device is not actually directly connected to eachother. In this case you would use a normal patch cable.
If your Active/Passive units are going to be located in the same area, and they are going to be directly connected to each other (cable from HA1 on Active to HA1 on Passive), it is recommended to use a crossover cable.
Most networks that are actually dispursed between buildings are unlikely to use the ethernet HA ports however, instead they would setup SFP ports to simply utilize a direct fiber connection between firewalls.
12-19-2017 02:07 PM
Hello,
While it is recoomended, it is not required. I have two in HA and use straight through cables and it works just fine. Most modern swithces/routers/firewalls can detect and compensate for this.
Regards,
12-19-2017 02:11 PM
@OtakarKlier is very much right, and why I put recommended in italics. Crossover cables are quickly becoming something that nobody actually uses anymore, and outside of a couple really old routers I've come across I can't recall the last time I've truthfully ran across a device that fully required a crossover cable be used.
12-20-2017 07:47 AM
Thank you all for the replies. I will use straight cables and see how it goes. I haven't used crossover cables since the days of hubs...and once switches and Auto-MDI/MDIX capabilities came along I never used a crossover cable unless it was required. It caught me a little off-guard when I saw that listed in the steps.
Mike
12-20-2017 08:22 AM
Yes that is exactly what we need is to have them connected by fiber and not through switches etc that when they loose power have cause a split brain condition on my network since there are located in different buildings. We discovered this when we had a power outage in the building where the active PA was located and they were both passing traffic cause they couldn't talk to the there HA partner and both thought the other was down.
04-10-2018 12:46 AM
Hello
I have question.
For PA-5220, is it better to use HA cable as 1G UTP? Or is it better to use 10G UTP? As far as I know, using 1G UTP does not seem to be a problem. Could you give me an answer? Thank you.
04-10-2018 07:33 AM
I have been using 1G UTP and it's working. No synchronization issues or anything like that, but it depends on your setup. Make sure to read the posts in this thread and the configuration guide and if you're still not sure consult with tech. support or your sales SE.
04-10-2018 11:12 AM
@mike406 is right. This works perfectly fine in some situations, and it would work really poorly in others. This depends on the utilization of the 5220 and ensuring that you don't find youself hitting saturdation on the links.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!