you should always set HA2 as without session sync failovers are dramatic.
It is the core reason to have a cluster in the first place: seamless failover
Without ha2 you can just as well set up 2 standalone devices and do ospf or install a load balancer ;) )
there is no recommendation to have HA2-backup in the panw best practices (also not one for HA1-backup, but please take my word that this is a must, you can use the mgmt interface if no physical interface is available))
HA2 allows the primary member of a cluster to share its state table, which allows the standby firewall to "continue" all existing sessions if there's a failover.HA2 backup is simply a backup link in case the primary HA2 link goes down, so the cluster can keep sharing the state table.From a redundancy perspective I would prioritize setting a HA1 backup (as this prevents split brain) and if you need to tick a (compliancy) box, add HA2
Is there a "Best Practice" on whether or not to set up HA2 and HA2 backup? I want to set it up on all my Firewalls, but I'm getting some pushback by some saying it is unnecessary.
If it is indeed not needed then I'll let the argument go.
you should always set HA2 as without session sync failovers are dramatic.
It is the core reason to have a cluster in the first place: seamless failover
Without ha2 you can just as well set up 2 standalone devices and do ospf or install a load balancer ;) )
there is no recommendation to have HA2-backup in the panw best practices (also not one for HA1-backup, but please take my word that this is a must, you can use the mgmt interface if no physical interface is available))
HA2 allows the primary member of a cluster to share its state table, which allows the standby firewall to "continue" all existing sessions if there's a failover. HA2 backup is simply a backup link in case the primary HA2 link goes down, so the cluster can keep sharing the state table. From a redundancy perspective I would prioritize setting a HA1 backup (as this prevents split brain) and if you need to tick a (compliancy) box, add HA2