You can now deploy traditional High Availability active/passive configurations on PA-5500 and PA-7500 Series firewalls (Generation 5 hardware platform). This capability addresses a critical gap for users who require active/passive failover solutions but cannot use NGFW clustering on these advanced platforms. When you configure traditional HA active/passive on these firewalls, you maintain similar configuration workflows and operational behaviors that you rely on with legacy HA deployments across other Palo Alto Networks platforms.

Unlike clustering where all members actively forward traffic, HA active/passive mode maintains the traditional model where only the active device processes traffic while the passive device remains in standby, ready to assume the active role during a failover event. You benefit from this approach when you need redundancy without the complexity of traffic distribution across multiple active devices, and when your deployment priorities focus on maintaining existing operational procedures rather than scaling throughput.

In HA Active/Passive mode, the PA-5500 and PA-7500 Series firewalls must use the High Speed Chassis Interconnect (HSCI) to connect the two chassis. The HSCI interfaces aggregate both HA1 and HA2 functions: Session synchronization and configuration synchronization. The HSCI-A is the primary interface, whereas HSCI-B can be configured as a backup interface. You can configure this solution without requiring Panorama management, maintaining the same configuration and state synchronization capabilities that exist in current-generation platforms while providing the reliability and performance characteristics of the Generation 5 architecture.

The HA active/passive capability ensures you can migrate to newer hardware platforms without redesigning your high availability architecture, while still gaining access to the enhanced performance and feature capabilities that Generation 5 platforms deliver. This approach particularly suits environments where you require the processing power of modern hardware but must maintain the operational simplicity and predictable behavior patterns of traditional active/passive high availability configurations.