Use Case: Configure Active/Active HA with Floating IP Addresses

In this Layer 3 interface example, the HA firewalls connect to switches and use floating IP addresses to handle link or firewall failures. The end hosts are each configured with a gateway, which is the floating IP address of one of the HA firewalls. See Floating IP Address and Virtual MAC Address.

1. Configure Active/Active HA.

   Perform Step 1 through Step 15.
2. Configure an HA virtual address.

   You need a virtual address to use a Floating IP Address and Virtual MAC Address.

   1. In DeviceHigh AvailabilityActive/Active Config, Add a Virtual Address.
   2. Enter or select an Interface.
   3. Select the IPv4 or IPv6 tab and click Add.
   4. Enter an IPv4 Address or IPv6 Address.
   5. For Type, select Floating to configure the virtual IP address to be a floating IP address.
3. Configure the floating IP address.

   1. Do not select Floating IP bound to the Active-Primary device.
   2. For Device 0 Priority and Device 1 Priority, enter a priority for the firewall configured with Device ID 0 and Device ID 1, respectively. The relative priorities determine which peer owns the floating IP address you just configured (range is 0 to 255). The firewall with the lowest priority value (highest priority) owns the floating IP address.
   3. Select Failover address if link state is down to cause the firewall to use the failover address when the link state on the interface is down.
   4. Click OK.
4. Enable jumbo frames on firewalls other than PA-7000 Series firewalls.

   Perform Step 19 of Configure Active/Active HA.
5. Define HA Failover Conditions
6. Commit the configuration.
7. Configure the peer firewall in the same way, except selecting a different Device ID.

   For example, if you selected Device ID 0 for the first firewall, select Device ID 1 for the peer firewall.