Each high availability (HA) interface has a specific function:
one interface is for configuration synchronization and heartbeats,
and the other interface is for state synchronization. If active/active
high availability is enabled, the firewall can use a third HA interface
to forward packets.
Some Palo Alto Networks firewalls include dedicated physical
ports for use in HA deployments (one for the control link and one
for the data link). For firewalls that do not include dedicated
ports, you must specify the data ports that will be used for HA.
For additional information on HA, refer to “Device > Virtual Systems”.
To configure an HA interface, click the name of an Interface
(ethernet1/1, for example) that is not configured and specify the
following information.
HA Interface Settings
Description
Interface Name
The interface name is predefined and you
cannot change it.
Comment
Enter an optional description for the interface.
Interface Type
Select HA.
Link Speed
Select the interface speed in Mbps (10, 100,
or 1000), or select auto to
have the firewall automatically determine the speed.
Link Duplex
Select whether the interface transmission
mode is full-duplex (full), half-duplex (half),
or negotiated automatically (auto).
Link State
Select whether the interface status is enabled
(up), disabled (down),
or determined automatically (auto).
