PA-5400 SERIES NEXT-GEN FIREWALL HARDWARE REFERENCE | PA-5400 Series Firewall Module and Interface Card
Information
25
©
2021 Palo Alto Networks, Inc.
Item
Component
Description
the firewall with a specific configuration, license it, and make it
operational on the network.
4
Console Port
Use this port to connect a management computer to the
firewall using a 9-pin serial-to-RJ-45 cable and terminal
emulation software.
The console connection provides access to firewall boot
messages, the Maintenance Recovery Tool (MRT), and the
command line interface (CLI).
If your management computer does not have a
serial port, use a USB-to-serial converter.
5
HSCI-A and HSCI-B (High
Speed Chassis Interconnect)
Ports
Quad-SFP+ (QSFP+/QSFP28) interfaces used to connect
two PA-5400 Series firewalls for a high availability (HA)
configuration. Each port offers 80GE (two 40Gbps links) or
200GE (two 100Gbps links) connectivity and is used for HA2
data link in an active/passive configuration. When in active/
active mode, the port is also used for HA3 packet forwarding
for asymmetrically routed sessions that require Layer 7
inspection for App-ID
™
and Content#ID
™
.
In a typical installation, HSCI-A on the first firewall connects
directly to HSCI-A on the second firewall and HSCI-B on the
first firewall connects to HSCI-B on the second firewall. The
purpose of HSCI-B is to increase the bandwidth for HA2/HA3
processing. This provides full 80-200Gbps transfer rates. In
software, both ports (HSCI-A and HSCI-B) are treated as one
HA interface.
The HSCI ports are not routable and must be connected directly
to each other, not through a switch.
You can configure HA2 (data link) on the HSCI ports or on NC
data ports. When configuring on dataplane ports, you must
ensure that both the HA2 and HA2-Backup links are configured
on dataplane interfaces. A mix of a dataplane port and an HSCI
port for either HA2 or HA2-Backup will result in a commit
failure.
6
Logging Ports
Two SFP/SFP+ logging ports that offer 1/10GE connectivity.
7
Management Ports
Two SFP/SFP+ management ethernet ports providing 1/10GE
connectivity that are used to access the management interface.
To manage the firewall, change your management computer
IP address to 192.168.1.2, connect an RJ-45 cable from your
computer to one of the MGT ports and browse to https://
192.168.1.1. The default login name is admin and the default
password is admin.
8
HA1 Ports
Two SFP/SFP+ ports providing 1/10GE connectivity for high
availability (HA) control and synchronization. Connect this port
directly from the HA1-A port on the first firewall in an HA pair
Содержание PA-5400 Series
Страница 1: ...PA 5400 Series Next Gen Firewall Hardware Reference paloaltonetworks com documentation...
Страница 6: ...6 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Before You Begin 2021 Palo Alto Networks Inc...
Страница 14: ...14 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Before You Begin...
Страница 20: ...20 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Overview...
Страница 82: ...82 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Service the PA 5400 Series Firewall Hardware...