Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-14-2013 09:53 AM
Im in the process of setting up a pair of pa200 for ha, ive read through the documentation but im not clear on a few things.
The PA200, if i do an update on the FW for either software of dynamic updates it uses the management port to do the work.
If I configure HA I will need to use the management port and one of the ethernet ports, the other three are allocated with eth1 being used for the WAN link.
If i do a software update, do I need to make a configuration change to get the FW to initiate the update from eth1 rather than the in use management port.
01-14-2013 09:57 AM
no you can still use the mgmt port for software upgrades while using it as a part of ha !!
01-14-2013 09:57 AM
no you can still use the mgmt port for software upgrades while using it as a part of ha !!
03-11-2013 12:08 PM
Hi guys , its possible to do a HA with PA-200 right ?
This HA just to syncronization configuration , policies and networks ?
Best regards.
09-19-2013 01:34 AM
I configured ha-lite on two pa-200 but when doing so i lost functioning of my eth4 interface which is connected to the internet. All other interfaced worked normaly..even a sub interface on eth4 worked.
Is this because i have Feature GlobalProtectGateway enabled on this interface?
09-19-2013 02:33 AM
If by losing the interface, you mean accessing HTTPS service on eth1/4. You need to access this interfaces on port 4443
09-19-2013 05:30 AM
When HA is enabled for the 1st time, the MAC address on the Eth interface changes to a virtual MAC that can be used by both PA's. Maybe this happens and your ISP router need to refresh its ARP table?
09-19-2013 06:39 AM
rmonvon: I thought the PA will send out a gratuitous ARP when any HA events take place, in order to "push" the change to any devices that might have an old MAC address cached in their ARP tables
09-19-2013 11:56 AM
Well then i would loos the DHCP Information or would they stay? I can do a DHCP Renew and get the IP.
It's really strange, everything looks normal...routing everything...but ping 8.8.8.8 goes now to nirvana....maybe it's realy the isp router...problem is that i can't reboot that from remote..
09-19-2013 12:04 PM
Correct!
sh mac adderss-table inter gi1/0/4
it list a new mac address.....shit....Thanks for help
09-19-2013 04:35 PM
egearhart...Yes, you are correct and the PA would issue a gratuitous ARP upon changing to the virtual MAC. However, I have encountered a number of routers, including Cisco, that will not update and they retain the previous MAC address.
gsteiner...:-)
09-20-2013 04:05 AM
it didn't work...i tried it again...i enabled the cluster then i rebooted the ISP Modem after 3 min i got a new IP Address (DHCP).
I see the traffic in Monitor but application is everything "incomplete" and it dosn't work anymore.....as soon i disable Cluster and commit it works as allways...
Anyidee why HA-Lite dosn't work with a DHCP Device????
It worked on a PA500 without problems.....
09-21-2013 01:48 PM
How is your eth4 configured ? you said subinterface works, you already have subinterfaces or just for trying purpose you added ?
Did you try to access from your eth4 ip to default gateway and internet for troubleshoot better.
using ping source eht4/ip host destination_ip
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
