Configure HA Active-Passive in OCI in two separate regions

Configure HA Active-Passive in OCI in two separate regions

3219
Created On 07/04/24 00:04 AM - Last Modified 07/09/24 20:38 PM


Question


We have two firewalls in two different regions (Madrid - Marsella), we want to deploy an Active/Passive configuration on these firewalls, but we don't know if it's possible.

Environment


VM firewalls in OCI HA (A/P) pair

Answer


Currently, HA (Active - Passive ) configuration is supported in same region. One can have the Active/Passive pair in separate Availability Domains but not in separate regions.

This is because while setting up HA setting up policy under Identity and security in OCI an error comes up for the compartment not being present. The primary firewall will not be able to send API call to the other firewall present in different regions due to which HA failover will be unsuccessful. Screenshot 2024-07-02 at 3.46.35 PM.png 

Additional Information


https://docs.paloaltonetworks.com/vm-series/11-0/vm-series-deployment/set-up-the-vm-series-firewall-on-oracle-cloud-infrastructure/configure-activepassive-ha-on-oci
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000010zBUCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language