Configure HA Clustering
Configure HA clustering on up to 16 firewalls to protect against failure of data center communications or to achieve horizontal scaling.
- Establish an interface as an HA interface (to later assign as the HA4 link).
  - Select Network > Interfaces > Ethernet and select an interface; for example, ethernet1/1.
  - Select the Interface Type to be HA.
  - Assign the interface to a Security Zone.
  - Repeat this step to configure another interface to use as the HA4 backup link.
- Enable HA clustering.
  - Select Device > High Availability > General and edit the Clustering Settings.
  - Enable Cluster Participation.
  - Enter the Cluster ID, a unique numeric ID for an HA cluster in which all members can share session state; range is 1 to 99.
  - Enter a short, helpful Cluster Description.
  - (Optional) Change Cluster Synchronization Timeout (min), which is the maximum number of minutes that the local firewall waits before going to Active state when another cluster member (for example, in unknown state) is preventing the cluster from fully synchronizing; range is 0 to 30; default is 0.
  - (Optional) Change Monitor Fail Hold Down Time (min), which is the number of minutes after which a down link is retested to see if it is back up; range is 1 to 60; default is 1.
- Configure the HA4 link.
  - Select HA Communications and in the Clustering Links section, edit the HA4 section.
  - Select the interface you configured in the first step as an HA interface to be the Port for the HA4 link; for example, ethernet1/1.
  - Enter the IPv4/IPv6 Address of the local HA4 interface.
  - Enter the Netmask.
  - (Optional) Change the HA4 Keep-alive Threshold (ms) to specify the timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional; range is 5,000 to 60,000; default is 10,000.
- Configure the HA4 Backup link.
  - Edit the HA4 Backup section.
  - Select the other interface you configured in the first step as an HA interface to be the Port for the HA4 backup link.
  - Enter the IPv4/IPv6 Address of the local HA4 backup interface.
  - Enter the Netmask.
- Specify all members of the HA cluster, including the local member and both HA peers in any HA pair.
  - Select Cluster Config.
  - (On a supported firewall) Add a peer member’s Device Serial Number.
  - (On Panorama) Add and select a Device from the dropdown and enter a Device Name.
  - Enter the HA4 IP Address of the HA peer in the cluster.
  - Enter the HA4 Backup IP Address of the HA peer in the cluster.
  - Enable Session Synchronization with the peer you identified.
  - (Optional) Enter a helpful Description.
  - Select the device and Enable it.
- Define HA failover conditions with link and path monitoring.
- (Panorama only) Refresh the list of HA firewalls in the HA cluster.
  - Under Templates, select Device > High Availability > Cluster Config.
  - Click Refresh at the bottom of the screen.
- View HA cluster information in the UI.
  - View the HA cluster fields.
    - The top section displays cluster state and HA4 connections to provide cluster health at a glance. The HA4 and HA4 Backup indicators will be one of the following:
      - Green indicates the link status of the cluster members is Up.
      - Red indicates the link status of all the cluster members is Down.
      - Yellow indicates the link status of some cluster members is Up while the status of other cluster members is Down.
      - Grey indicates not configured.
    - The center section displays the capacity of the local session table and session cache table so you can monitor how full the tables are and plan for firewall upgrades.
    - The lower section displays communication errors on the HA4 and HA4 backup links, signifying possible problems with synchronizing information between members.
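
As an added example (not Palo Alto Networks code), the following pre-flight check validates a planned cluster configuration against the ranges, defaults and 16-firewall limit given in the steps above before the values are entered in the UI. The plan dictionary layout, its key names, the sample values, and the uniqueness checks on serial numbers and HA4 addresses are assumptions made for this example.

```python
import ipaddress

RANGES = {  # (min, max, default), as stated in the procedure
    "cluster_id": (1, 99, None),
    "sync_timeout_min": (0, 30, 0),
    "monitor_fail_hold_down_min": (1, 60, 1),
    "ha4_keepalive_ms": (5000, 60000, 10000),
}
MAX_MEMBERS = 16  # cluster size limit stated on the page

def validate_plan(plan):
    """Return a list of problems in a planned HA cluster configuration."""
    errors = []
    for key, (lo, hi, default) in RANGES.items():
        value = plan.get(key, default)
        if not (isinstance(value, int) and lo <= value <= hi):
            errors.append(f"{key}={value!r} is outside {lo}-{hi}")
    if plan.get("ha4_port") == plan.get("ha4_backup_port"):
        errors.append("HA4 and HA4 backup need different HA interfaces")
    members = plan.get("members", [])
    if len(members) > MAX_MEMBERS:
        errors.append(f"{len(members)} members exceeds {MAX_MEMBERS}")
    serials = [m["serial"] for m in members]
    if plan.get("local_serial") not in serials:
        errors.append("local member is missing from the member list")
    if len(set(serials)) != len(serials):
        errors.append("duplicate device serial number")
    seen = set()  # every HA4 / HA4 backup address must be unique
    for m in members:
        for field in ("ha4_ip", "ha4_backup_ip"):
            try:
                addr = ipaddress.ip_address(m[field])
            except (KeyError, ValueError):
                errors.append(f"{m['serial']}: bad or missing {field}")
                continue
            if addr in seen:
                errors.append(f"{m['serial']}: {field} {addr} is reused")
            seen.add(addr)
    return errors

# Constructed sample plan: placeholder serials, documentation-range addresses.
SAMPLE_PLAN = {
    "cluster_id": 7, "local_serial": "SERIAL-A",
    "ha4_port": "ethernet1/1", "ha4_backup_port": "ethernet1/2",
    "members": [
        {"serial": "SERIAL-A", "ha4_ip": "192.0.2.1", "ha4_backup_ip": "198.51.100.1"},
        {"serial": "SERIAL-B", "ha4_ip": "192.0.2.2", "ha4_backup_ip": "198.51.100.2"},
    ],
}
```

An empty list from `validate_plan(SAMPLE_PLAN)` means the plan is consistent with the stated limits; each returned string names one value to correct.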