Configure a High Availability (HA) Interface for HA Deployment
Learn how to create an HA interface for HA deployments.
Where Can I Use
This?
What Do I Need?
Prisma SD-WAN
Active Prisma SD-WAN
license
Prisma SD-WAN offers a unique branch HA solution ensuring full
WAN capacity in the case of an ION device failure. This is achieved by leveraging the
fail-to-wire capabilities and HA group technology of ION devices at a branch site.
Prisma SD-WAN High Availability (HA), ensures automatic failover between active and
backup devices, maintaining all services and forwarding paths when an ION device
experiences a software, hardware, or network related failure.
Generation One ION devices (ION 1000, ION 2000, ION 3000, and ION 9000) use the control
port for the exchange of HA heart beat and manage the controller traffic between the
active and the standby device. The NextGen ION devices (ION 1200-S, ION 3200, ION 5200,
ION 9200) do not need a dedicated controller port with the introduction of
used-for-HA as a port type.
The used-for-HA interface (referred to as the
used-for-control interface prior to Release 6.3.1) exchanges
heartbeat between the two ION devices and also connects the standby device to the
controller through the active ION device. You can use this interface to send management
traffic like App Probe, NTP, SNMP, RADIUS, and IPFIX.
Starting with Release 6.3.1, the support for High Availability (HA) has been enhanced to
include compatibility with various interface types.
If you have configured the used-for-HA
interface and you want to downgrade to a version that does not support the
used-for-HA interface, contact Palo Alto Customer Support.
Used-for-HA is supported on all ION
platforms. Directly establishing the High Availability (HA) connection between devices
is recommended only in cases where there are no southbound LAN switches present and
exclusively only with 1200-S and 3200-L2 models with redundant ports.
Used-for-HA is supported on the following interfaces in HA
topology:
