An overview and the task you perform to configure a Panorama
Managed Prisma Access deployment in High Availability (HA).
Deploying Panorama appliances in a high availability
(HA) configuration provides redundancy in case of a system or network failure
and ensures that you have continuous connectivity to Prisma Access.
In an HA configuration, one Panorama appliance peer is the active-primary and
the other is the passive-secondary. In the event of a failover,
the secondary peer becomes active and takes over the role of managing
Prisma Access.
To simplify the HA set up, configure the Panorama
appliances in HA after you purchase Prisma Access and
Strata Logging Service auth codes and components and associate the serial number of
the primary Panorama appliance on which you plan to install the
Cloud Services plugin with the auth codes, but before you
Activate and Install Panorama Managed Prisma Access. However,
you can also use this process to configure existing Panorama appliances
that already have the plugin installed.
Whether you are just
getting started with a new pair of Panorama appliances, or you have
already set up your standalone Panorama appliance and completed
the licensing and installation procedures, make sure to check the
prerequisites before you enable HA:
The Panorama appliance peers must be of the same form factor
(hardware appliances of the same model or identical virtual appliances)
and same OS version and must have the same set of licenses. The
premium support license is required for Prisma Access and
Strata Logging Service.
The serial number of the primary Panorama appliance is tied
to your Prisma Access and Strata Logging Service auth codes. If you have
installed and set up the plugin on a standalone Panorama appliance,
ensure that you use that Panorama appliance as the primary peer.
If you need to assign this standalone peer as the secondary Panorama
appliance, contact Palo Alto Networks support for assistance with
transferring the license to the primary Panorama appliance peer
before you continue.
If you disable HA for
a Panorama pair and revert to a configuration where a single Panorama
manages Prisma Access, you must
re-verify your account to
prevent errors when retrieving the status of Prisma Access components.
To
set up your Panorama appliances in an HA configuration, complete
the following steps.