found--> (admin guide) 🙂

Configuring HA

Panorama > High Availability

To support HA for Panorama, you can configure two Panorama devices to provide synchronized connections to the managed firewalls. One Panorama device is designated as active and the other as passive. If the active Panorama device becomes unavailable, the passive server takes over temporarily. If preemption is enabled and the active device becomes available again, the passive device relinquishes control and returns to the passive state.

HA for Panorama also involves the assignment of a primary device and secondary device for logging purposes. You can configure Panorama to use the same log external storage facility for the primary and secondary devices (Network File System or NFS option) or configure logging internally. If the NFS option is enabled, then during normal operations only the primary device receives the logs that are sent from the managed firewalls. If local logging is enabled, then by default logs are sent to the primary and secondary devices.

Configure the following settings to enable HA on Panorama.

Note: HA is supported only for managed devices running Release 4.0 or later. It is not backward compatible with Release 3.1 or earlier.

Note: HA requires two Panorama licenses and unique serial numbers for functionality.

Table 130. Panorama HA Settings

Field: Description

Setup

Enable HA: Select the check box to enable HA.

Peer HA IP Address: Enter the IP address of the HA1 interface that is specified in the Control Link section of the other firewall.

Enable Encryption: Select the check box to enable encryption for the synchronization link between the active and passive Panorama devices. Note: HA connectivity uses TCP port 28 with encryption enabled and 28769 and 49160 when encryption is not enabled.

Monitor Hold Time (ms): Enter the length of time (ms) that the system will wait before acting on the control link failure (1000-60000 ms, default 3000 ms).
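An offline check of the network path between two Panorama peers against the HA ports and hold-time range quoted above, as an added example that is not part of the original post or of the vendor's documentation. The rule format, the first-match/default-deny ACL model, the choice to check both directions, and the 192.0.2.x addresses are assumptions made for illustration.

```python
# Added example: port numbers and the hold-time range come from the quoted
# guide text; the rule format and addresses are constructed for illustration.
ENCRYPTED_PORTS = {28}
CLEARTEXT_PORTS = {28769, 49160}
HOLD_MIN_MS, HOLD_MAX_MS = 1000, 60000


def first_match(rules, src, dst, port):
    """Return the action of the first rule matching a TCP flow, else 'deny'."""
    for r in rules:
        if (r["src"] in (src, "any") and r["dst"] in (dst, "any")
                and r["ports"][0] <= port <= r["ports"][1]):
            return r["action"]
    return "deny"  # implicit default deny (assumption)


def audit_ha_path(rules, peer_a, peer_b, encryption, hold_ms):
    """List findings for the HA link between two Panorama peers."""
    findings = []
    needed = ENCRYPTED_PORTS if encryption else CLEARTEXT_PORTS
    unneeded = CLEARTEXT_PORTS if encryption else ENCRYPTED_PORTS
    # Both directions are checked because the page does not say who initiates.
    for src, dst in ((peer_a, peer_b), (peer_b, peer_a)):
        for port in sorted(needed):
            if first_match(rules, src, dst, port) != "allow":
                findings.append(f"blocked: {src}->{dst} tcp/{port}")
        for port in sorted(unneeded):
            if first_match(rules, src, dst, port) == "allow":
                findings.append(f"unneeded: {src}->{dst} tcp/{port}")
    if not encryption:
        findings.append("sync link is not encrypted")
    if not HOLD_MIN_MS <= hold_ms <= HOLD_MAX_MS:
        findings.append(f"hold time {hold_ms} ms outside 1000-60000")
    return findings


# Constructed sample ACL (documentation addresses, not from the page).
SAMPLE_RULES = [
    {"src": "192.0.2.10", "dst": "192.0.2.11", "ports": (28, 28), "action": "allow"},
    {"src": "192.0.2.11", "dst": "192.0.2.10", "ports": (28, 28), "action": "allow"},
    {"src": "any", "dst": "any", "ports": (28000, 50000), "action": "allow"},
]

if __name__ == "__main__":
    for line in audit_ha_path(SAMPLE_RULES, "192.0.2.10", "192.0.2.11", True, 3000):
        print(line)
```

With the sample rules and encryption enabled, the broad third rule is reported because it leaves the cleartext HA ports reachable even though the encrypted link only needs TCP 28.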