HA Overview
Focus
Focus

HA Overview

Table of Contents
End-of-Life (EoL)

HA Overview

You can configure two Palo Alto Networks firewalls as an HA pair or configure up to 16 firewalls as peer members of an HA cluster. The peers in the cluster can be HA pairs or standalone firewalls. HA allows you to minimize downtime by making sure that an alternate firewall is available in the event that a peer firewall fails. The firewalls in an HA pair or cluster use dedicated or in-band HA ports on the firewall to synchronize data—network, object, and policy configurations—and to maintain state information. Firewall-specific configuration such as management interface IP address or administrator profiles, HA specific configuration, log data, and the Application Command Center (ACC) information is not shared between peers.
For a consolidated application and log view across an HA pair, you must use Panorama, the Palo Alto Networks centralized management system. See Context Switch—Firewall or Panorama in the Panorama Administrator’s Guide. Consult the Prerequisites for Active/Passive HA and Prerequisites for Active/Active HA. It is highly recommended that you use Panorama to provision HA cluster members. Consult the HA Clustering Best Practices and Provisioning.
When a failure occurs on a firewall in an HA pair or HA cluster and a peer firewall takes over the task of securing traffic, the event is called a Failover. The conditions that trigger a failover are:
Palo Alto Networks firewalls support stateful active/passive or active/active high availability with session and configuration synchronization with a few exceptions:
  • The VM-Series firewall on Azure and VM-Series firewall on AWS support active/passive HA only.
    On AWS, when you deploy the firewall with the Amazon Elastic Load Balancing (ELB) service, it does not support HA (in this case, ELB service provides the failover capabilities).
  • The VM-Series firewall on Google Cloud Platform does not support HA.
Begin by understanding the HA Concepts and the HA Clustering Overview if you are going to configure HA clustering.