PaloAlto Networks PA-5200 Seriesp Hardware Reference Manual page 15

PA-5200 Series Firewall Overview
Item Component
5 AUX 1 and AUX 2 ports
PA-5200 Series Next-Gen Firewall Hardware Reference
Descripon
PA-5200 Series firewalls in a high availability
(HA) configuraon as follows:
• In an acve/passive configuraon, this
port is for HA2 (data link).
• In an acve/acve configuraon, you
can configure this port for HA2 and/or
HA3. HA3 is used for packet forwarding
for asymmetrically routed sessions that
require Layer 7 inspecon for App-ID
and Content-ID
The HSCI ports must be
connected directly between
the two firewalls in the HA
configuraon (not between
a network switch or router).
When directly connecng
the HSCI ports between
two PA-5220 firewalls
that are physically located
near each other, Palo Alto
Networks recommends that
you use a 40Gbps QSFP+
Acve Opcal Cable (AOC).
When directly connecng
two PA-5250, PA-5260, or
PA-5280 firewalls, use either
a 40Gbps QSFP+ Acve
Opcal Cable (AOC) or a
100Gbps QSFP28 Acve
Opcal Cable (AOC).
For installaons where
the two firewalls are not
near each other and you
cannot use an AOC cable,
use a standard 40Gbps or
100Gbps transceivers and the
appropriate cable length.
Use these SFP+ ports for HA1, management
funcons, or log forwarding to Panorama.
For informaon on configuring the port, refer to
the on-device Help content in Device > Setup
> Interfaces or refer to the
Interface Reference.
15
.
™
PAN-OS 9.0 Web
2021 Palo Alto Networks, Inc.
©
™