Use Case: Configure Active/Active HA with Floating IP Addresses
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Use Case: Configure Active/Active HA with Floating IP Addresses
In this Layer 3 interface example, the HA
firewalls connect to switches and use floating IP addresses to handle
link or firewall failures. The end hosts are each configured with
a gateway, which is the floating IP address of one of the HA firewalls.
See Floating
IP Address and Virtual MAC Address.
- Configure Active/Active HA.Configure an HA virtual address.You need a virtual address to use a Floating IP Address and Virtual MAC Address.
- In DeviceHigh AvailabilityActive/Active Config, Add a Virtual Address.Enter or select an Interface.Select the IPv4 or IPv6 tab and click Add.Enter an IPv4 Address or IPv6 Address.For Type, select Floating to configure the virtual IP address to be a floating IP address.Configure the floating IP address.
- Do not select Floating IP bound to the Active-Primary device.For Device 0 Priority and Device 1 Priority, enter a priority for the firewall configured with Device ID 0 and Device ID 1, respectively. The relative priorities determine which peer owns the floating IP address you just configured (range is 0 to 255). The firewall with the lowest priority value (highest priority) owns the floating IP address.Select Failover address if link state is down to cause the firewall to use the failover address when the link state on the interface is down.Click OK.Enable jumbo frames on firewalls other than PA-7000 Series firewalls.Perform Step 19 of Configure Active/Active HA.Define HA Failover ConditionsCommit the configuration.Configure the peer firewall in the same way, except selecting a different Device ID.For example, if you selected Device ID 0 for the first firewall, select Device ID 1 for the peer firewall.