It’s best to maintain a consistent set of Zones on both devices. The security rules that are related to inbound traffic (destination NAT) need to configured with tuples that apply to both devices/networks. It’s advisable to use a public DNS service that’s capable of checking the health of a service endpoint and failing the DNS record over to the public IP address on the standby device. TTL on these DNS records should be set to less than five minutes.
Saasyan will receive an alert, rectify Paximus service related issues and notify the client if the failure is due to problems at the client side.
The client can choose the configuration sections that need to be kept in sync.
As frequently as the client likes. Each sync will require the secondary Palo Alto Networks® Next Generation Firewall to be up for 15 minutes if there are configuration changes to be applied.
Directly over the Internet or via an agent installed on premise.
Saasyan Paximus is completely hosted and managed by Saasyan.