PA-3400 Series Firewall Overview
Item
Component
Descripon
routed sessions that require Layer 7 inspecon
for App-ID and Content-ID.
The HSCI ports must be connected
directly between the two firewalls in the
HA configuraon (without a switch or
router between them). When directly
connecng the HSCI ports between
two PA-3400 Series firewalls that are
physically located near each other, Palo
Alto Networks recommends that you
use a passive SFP+ cable.
For installaons where the two firewalls
are not near each other and you cannot
use a passive SFP+ cable, use a standard
SFP+ transceiver and the appropriate
cable length.
5
HA1-A and HA1-B ports
Two RJ-45 10Mbps/100Mbps/1000Mbps ports for
high availability (HA) control.
If the firewall dataplane restarts due to
a failure or manual restart, the HA1-B
link will also restart. If this occurs and
the HA1-A link is not connected and
configured, then a split brain condion
occurs. Therefore, we recommend that
you connect and configure the HA1-A
ports and the HA1-B ports to provide
redundancy and to avoid split brain
issues.
6
MGT port
Use this Ethernet 10Mbps/100Mbps/1000Mbps
port to access the management web interface
and perform administrave tasks. The firewall
also uses this port for management services, such
as retrieving licenses and updang threat and
applicaon signatures.
7
CONSOLE port (RJ-45)
Use this port to connect a management computer to
the firewall using a 9-pin serial-to-RJ-45 cable and
terminal emulaon soware.
The console connecon provides access to firewall
boot messages, the Maintenance Recovery Tool
(MRT), and the command line interface (CLI).
PA-3400 Series Next-Gen Firewall Hardware Reference
15
©
2022 Palo Alto Networks, Inc.