Im in the process of setting up a pair of pa200 for ha, ive read through the documentation but im not clear on a few things.
The PA200, if i do an update on the FW for either software of dynamic updates it uses the management port to do the work.
If I configure HA I will need to use the management port and one of the ethernet ports, the other three are allocated with eth1 being used for the WAN link.
If i do a software update, do I need to make a configuration change to get the FW to initiate the update from eth1 rather than the in use management port.
Solved! Go to Solution.
I configured ha-lite on two pa-200 but when doing so i lost functioning of my eth4 interface which is connected to the internet. All other interfaced worked normaly..even a sub interface on eth4 worked.
Is this because i have Feature GlobalProtectGateway enabled on this interface?
If by losing the interface, you mean accessing HTTPS service on eth1/4. You need to access this interfaces on port 4443
When HA is enabled for the 1st time, the MAC address on the Eth interface changes to a virtual MAC that can be used by both PA's. Maybe this happens and your ISP router need to refresh its ARP table?
rmonvon: I thought the PA will send out a gratuitous ARP when any HA events take place, in order to "push" the change to any devices that might have an old MAC address cached in their ARP tables
Well then i would loos the DHCP Information or would they stay? I can do a DHCP Renew and get the IP.
It's really strange, everything looks normal...routing everything...but ping 126.96.36.199 goes now to nirvana....maybe it's realy the isp router...problem is that i can't reboot that from remote..
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!