
Failover but Cannot access WebGUI


L2 Linker

Hi All,

 

I tried to upgrade the Palo firewall HA (Active-Passive). But when I fail over active to passive, we cannot access the GUI on both firewalls. Before I failed over, I checked and the passive cannot reach updates.paloaltonetworks.com.

 

After I failed over, I tried to connect through the CLI, and the passive (which became active) can reach updates.paloaltonetworks.com. And the active (which became passive) cannot reach updates.paloaltonetworks.com.

 

Is this the cause that we cannot access the GUI via internet?

 

Need you guys' help on this. Thank you.

4 REPLIES

L2 Linker

After failover, I pinged both firewalls and they have intermittent connection issues. But when I unsuspend, there are no intermittent connection issues.

Cyber Elite

@Momoj,

From what you've described, it sounds like you aren't using the management interface and you have a management profile set up on a loopback interface or another dataplane interface. Likewise, it sounds like you have a service route configured on the device, which would make sense if you don't have the management interface connected.

If that's the case everything you described in your post makes sense. Service routes through dataplane resources aren't going to be accessible unless the device has the active role. Likewise access to the passive device isn't going to function if you are using a management profile on a dataplane interface. It sounds like everything you've described to this point is expected behavior working under the assumption that I've stated above.

 

If you actually have the management interface plugged in on both devices and you aren't using service routes, please report that. I'm making some assumptions based off of what you've said that may not be correct, but account for the behavior that you're reporting. 

Hi, the management interface is plugged in for both devices. Thank you for your help. I already logged a ticket with TAC support.

@Momoj 

 

Which PAN OS version are you using?

Did this happen for the first time?

 

Have you enabled the MGMT interface as HA1 backup also?

Let us know what TAC says.

 

Regards

Mahesh

 

MP
