Next-Generation Firewall
HA General Settings
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
HA General Settings
- Device > High Availability > General
To configure high availability (HA) pairs or HA cluster members,
begin by selecting DeviceHigh AvailabilityGeneral and
configuring the general settings.
HA Settings | Description |
---|---|
General Tab | |
HA Pair Settings—Setup | Enable HA Pair to
activate HA pair functionality and to access the following settings:
Enable config sync so that both devices always
have the same configuration and process traffic the same way.
|
Active/Passive Settings |
|
Election Settings | Specify or enable the following settings:
|
| |
| |
SSH HA Profile Setting | A type of SSH service profile that applies
to the SSH sessions for the high availability (HA) appliances on
your network. To apply an existing HA profile, select a profile,
click OK, and Commit your
change. You must perform an SSH service restart from your
CLI to activate the profile. For more information,
see Device > Certificate Management > SSH Service Profile. |
Clustering Settings | Enable Cluster Participation to
access the clustering settings. Firewalls that support HA clustering
allow clusters of member firewalls (individuals or HA pairs where
each firewall in a pair counts toward the total). The number of
members per cluster that a firewall model supports is as follows:
Configure the cluster:
|
Operational Commands | |
Suspend local device (or Make local device functional) | To place the local HA peer into a suspended
state and temporarily disable HA functionality on it, use the following
CLI operational command:
To
place the suspended local HA peer back into a functional state, use
the CLI operational command:
To
test failover, you can uncable the active (or active-primary) firewall. |