This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Raido_Rattameister
Cyber Elite
Cyber Elite

‎06-01-2023 08:57 PM - edited ‎06-01-2023 09:02 PM

HA1 is used to synchronize config and send heart beats. This is task of management plane so if firewall don't have dedicated HA1 port then it is best practice to use management interface for HA1.

HA2 is used to synchronize session table. Session table is on data plane. You can use any data port for HA2.

 

If you need only 7 ports and can use 1 for HA2 then it is perfect setup.

If you don't have any available data ports to use for HA2 then you can use only 1 link between firewalls - mgmt port for HA1.

But in this case passive firewall has no idea of session table and if you fail over then all clients loose their active sessions and need to rebuild (not user friendly :)).

 

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

View solution in original post

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks