Is there any benefit to configuring HA2 and HA2 Backup or is it unnecessary?
Comments (3)

You should always set HA2, as without session sync failovers are dramatic.
It is the core reason to have a cluster in the first place: seamless failover.
Without HA2 you can just as well set up 2 standalone devices and do OSPF or install a load balancer ;)
There is no recommendation to have HA2-backup in the PANW best practices (also not one for HA1-backup, but please take my word that this is a must; you can use the mgmt interface if no physical interface is available).
HA2 allows the primary member of a cluster to share its state table, which allows the standby firewall to "continue" all existing sessions if there's a failover. HA2 backup is simply a backup link in case the primary HA2 link goes down, so the cluster can keep sharing the state table. From a redundancy perspective I would prioritize setting an HA1 backup (as this prevents split brain) and if you need to tick a (compliance) box, add HA2