Hi HA1 syncs configuration and heartbeats, it uses dedicated-ha1a/ha1b ports (by default) HA2 syncs the session table, it uses a dedicated HSCI port (10gb fiber) You want both up for proper High Availability. You can assign a Dataplane port to be of type 'HA' and then you can use it instead of the dedicated HA ports (it will be available in the drop down list under HA1/HA1 backup/HA2/HA2 backup). This can give you the option to use ethernet1/19 as type HA, used by HA1, connected over a fiber link with appropriate GBIC on both sides thus avoiding a converter. Configuration wise: Firewall-1 Control Link (HA1) IPv4: 1.1.1.1 / 255.255.255.248 Peer HA1 IP Address (in the Setup page): 1.1.1.2 Firewall-2 Control Link (HA1) IPv4: 1.1.1.2 / 255.255.255.248 Peer HA1 IP Address (in the Setup page): 1.1.1.1 It's a bit tricky to explain all the possible scenarios, I hope it was clear. Just remember that each FW needs to know the IP address of it's peer for HA1 to come up. Lastly, use HA1 backup as management port and put 'Backup Peer HA1 IP Address=MGMT-IP of other FW.
... View more