02-22-2026 09:29 PM
I have a client with a Panorama HA Pair that spans facilities via DWDM. It's fast enough (sub 10ms) to run an LCG that spans both DCs, but this is still poor design as it effectively halves the MTBF (you're now dependent on both members of a 2-node cluster to be operational thanks to the Elasticsearch quorum).
So we run 2 independent LCGs to improve overall availability of each LC, which also minimises log traffic over the DCI by including only the local devices in each LCG's preference list.
The only challenge with this approach, or any Panorama HA pair for that matter, is that there is no redundancy in the log collection layer without introducing 2 additional collectors at each site (since we don't want an LCG to span facilities). If a Panorama instance fails, the devices logging to that instance buffer until it's available.
Is there a way to achieve redundant log collection in a Panorama HA pair without increasing the deployment footprint?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
