02-14-2012 11:34 PM
Hi there!
I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about it, but I could not find anything.
Thanks in advance!
Angel.
02-14-2012 11:45 PM
found-->
(admin guide) 🙂
Configuring HA
Panorama > High Availability
To support HA for Panorama, you can configure two Panorama devices to provide synchronized
connections to the managed firewalls. One Panorama device is designated as active and the other as
passive. If the active Panorama device becomes unavailable, the passive server takes over temporarily.
If preemption is enabled and the active device becomes available again, the passive device relinquishes
control and returns to the passive state.
HA for Panorama also involves the assignment of a primary device and secondary device for logging
purposes.
You can configure Panorama to use the same log external storage facility for the primary and secondary
devices (Network File System or NFS option) or configure logging internally. If the NFS option is
enabled, then during normal operations only the primary device receives the logs that are sent from the
managed firewalls. If local logging is enabled, then by default logs are sent to the primary and
secondary devices.
Configure the following settings to enable HA on Panorama.
Note: HA is supported only for managed devices running Release 4.0 or later. It is not backward compatible with Release 3.1 or earlier.
Note: HA requires two Panorama licenses and unique serial numbers for functionality.
Table 130. Panorama HA Settings
Field: Description
Setup
Enable HA: Select the check box to enable HA.
Peer HA IP Address: Enter the IP address of the HA1 interface that is specified in the Control Link section of the other firewall.
Enable Encryption: Select the check box to enable encryption for the synchronization link between the active and passive Panorama devices.
Note: HA connectivity uses TCP port 28 with encryption enabled and 28769 and 49160 when encryption is not enabled.
Monitor Hold Time (ms): Enter the length of time (ms) that the system will wait before acting on the control link failure (1000-60000 ms, default 3000 ms).