1. In Palo Alto, what do HA, HA1, and HA2 mean?

Answer:
  • HA stands for High Availability, which is a Palo Alto deployment model. HA is used in a network to prevent a single point of failure. It consists of two firewalls that are kept synchronised. If one firewall fails, security features are enforced through the other firewall, so the company can continue operating without interruption.
  • There are two different ports in HA: HA1 and HA2. HA1 is referred to as the control link, while HA2 is referred to as the data link. These ports are used to synchronise data and keep track of the current state.
  • Hellos, heartbeats, and HA state information are exchanged across the HA1 link, as well as management plane sync for routing and User-ID information. This connection is often used by firewalls to synchronise configuration updates with their peers. The HA1 link is a Layer 3 link that requires an IP address.
  • Between firewalls in an HA pair, the HA2 link is used to synchronise sessions, forwarding tables, IPSec security associations, and ARP tables. Except for the HA2 keep-alive, data flow on the HA2 connection is always unidirectional; it flows from the active or active-primary firewall to the passive or active-secondary firewall. The HA2 link is a Layer 2 link that defaults to EtherType 0x7261.

