Configure HA Devices for SD-WAN
Table of Contents
Expand all | Collapse all
-
- Create a Link Tag
- Configure an SD-WAN Interface Profile
- Configure a Physical Ethernet Interface for SD-WAN
- Configure an Aggregate Ethernet Interface and Subinterfaces for SD-WAN
- Configure Layer 3 Subinterfaces for SD-WAN
- Configure a Virtual SD-WAN Interface
- Create a Default Route to the SD-WAN Interface
-
- Create a Path Quality Profile
-
- Create a SaaS Quality Profile
- Use Case: Configure SaaS Monitoring for a Branch Firewall
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to the Same SaaS Application Destination
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to a Different SaaS Application Destination
- SD-WAN Traffic Distribution Profiles
- Create a Traffic Distribution Profile
- Create an Error Correction Profile
- Configure an SD-WAN Policy Rule
- Allow Direct Internet Access Traffic Failover to MPLS Link
- Configure DIA AnyPath
- Distribute Unmatched Sessions
- Configure Multiple Virtual Routers on SD-WAN Hub
- Configure Multiple Virtual Routers on SD-WAN Branch
- Configure HA Devices for SD-WAN
- Create a VPN Cluster
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
- Configure Advanced Routing for SD-WAN
-
- Use CLI Commands for SD-WAN Tasks
- Replace an SD-WAN Device
- Replace the SD-WAN enabled Panorama HA Peer
- Convert SD-WAN enabled Standalone Panorama to Panorama HA
- Troubleshoot App Performance
- Troubleshoot Link Performance
- Upgrade your SD-WAN Firewalls
- Install the SD-WAN Plugin
- Uninstall the SD-WAN Plugin
Configure HA Devices for SD-WAN
Configure active/passive HA for two SD-WAN branches or hubs.
You can configure two firewalls as a branch in active/passive HA mode (or two
firewalls as a hub in active/passive HA mode) to be part of your SD-WAN environment.
In this case, Panorama™ needs to push the same configuration to the active peer and
the passive peer, rather than treat the two firewalls individually. To make that
happen, you configure active/passive HA before adding the devices for SD-WAN, so
that Panorama is aware the devices are HA peers and pushes the same configuration to
them. (Only HA active/passive mode is supported.)
Read through the following procedure before you begin so you don’t Commit after
adding your HA peers as SD-WAN devices.
In HA, the firewall does not synchronize SD-WAN session distribution statistics.
After an HA failover, the session distribution statistics display only
statistics of new sessions; statistics of existing sessions are lost.
- Before you enable SD-WAN on your HA peers, configure Active/Passive HA on two firewall models that support SD-WAN.Add the HA peers as SD-WAN devices, but don’t perform the last step to Commit.In Panorama, select PanoramaManaged DevicesSummary.At the bottom of the screen, select Group HA Peers. Confirm that under the Status display, the HA Status column includes the two firewalls, one Active and one passive. Panorama is aware of the HA status and will push the same SD-WAN configuration to the two HA peers when you commit.Commit and Commit and Push.