Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-31-2011 12:09 PM
Greetings,
We have a single PA-500 which we will be putting guest (non-critical) internet traffic behind. Currntly it is patched in as such:
eth1/1: L3 - Trusted
eth1/2: L3 - Untrusted
Is there anyway to leverage HA between interfaces on the same device? Reason being is if one of the up-stream switches fails, I'd like to not have to physically move cables to keep traffic "up". For example, for redundancy purposes, we have two access switches that I could plug into on the Untrusted side - right now I'm only using one.
Hope that makes sense...
Thanks!
Message was edited by: msoldner
05-31-2011 04:53 PM
One thing to keep in mind in case of PBF you will be able to monitor a layer 3 address. So to detect the switch failure you might have to monitor a layer 3 address on the switch. Hope that helps.
08-09-2011 06:45 AM
Can you use PBF with multiple interfaces on the same subnet?
EDIT: To be more specific.
We have a single PA which both upstream and downstream have dual (redundand) access switches. I currently have a single uplink to one of the switches on both sides. I'd like to have some redundancy so that if one of the two access switches dies, the PA can re-route traffic. However, if I'm unable to put the interfaces on each side in separate subnets, is that possible?
So can I do the following:
Trusted:
e1/1 - 192.168.1.1 /24 > access switch 1
e1/2 - 192.168.1.2 /24 > access switch 2
Untrusted:
e1/3 - 192.168.2.1 /24 > access switch 1
e1/4 - 192.168.2.2/24 > access switch 2
I'd like to have e1/1 and e1/3 track the ip on each of the access switches they are plugged into and if that heartbeat goes away, it will fail over to the other link.
Thanks.
Message was edited by: msoldner
08-18-2011 04:25 PM
Hello
You still have single point of failure i.e. single unit.
The above setup will provide reduandancy with switch ports going down.
Policy based forwarding can be an option but would lead to several complications in this case.
We do not support equal cost multi path routing. Hence unit will not allow commit the configuration with overlapping subnets/IPs to the interfaces.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
