03-26-2020 02:05 AM
I'm not sure if this documentation exists somewhere but I can't seem to find it.
we have a customer with palo alto 5200 series firewall.
due to covid-19 (as is the case with so many companies they are currently production stress testing the firewall with extra load due to teleworking, etc)
the firewall handles it fine. however the ha1 and ha2 interface are seeing high traffic. and the customer is worried that might be an issue if a failover has to happen.
now here's the problem: customer is using 1gb interfaces for both ha1 and ha2 link.
and states that 1gb for ha1 and 1gb for ha2 should be enough.
I would like to counter that as most interfaces on the 5200 series support 10gb speeds( of course for the customer it's a bit of a costly solution if he has to provide 10gb sfp's, 10gb switches, etc in between)
let alone the default hsci and aux can go even above that 10gb
unfortunately I don't find any official documentation/datasheets/recommendations from palo alto stating what speeds they recommend for ha1/ha2 links if you are not using the default configured ones.
does anyone know if this is available somewhere? if not my answer will have to be that seeing as the default ha link is set up for 10gb and up it's reasonable to assume that was done for a reason and not just for bragging rights " look at our 10gb ha sync".
however I get the feeling our customer will only accept that explanation if I can prove it by means of a document/support case which I would like to avoid.
