Validation Error for High availability

shanjing — Wed, 26 Jun 2024 06:01:31 GMT

The error message when commiting is:

Validation Error:
deviceconfig -> high-availability -> group -> state-synchronization unexpected here
deviceconfig -> high-availability -> group -> state-synchronization is invalid

I configured high availability using yaml ansible code. After enabling high availability, and setting up a few stuff, I am facing this error. I am not sure what I am missing. I am following the CIS benchmark for the palo alto firewall.

3.1:

- name: Set HA2 enabled

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability

element: |

- name: Ensure a fully synchronized High Availability peer is configured

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/group/state-synchronization

element: |

<transport>udp</transport> #ethernet/ip/udp

- name: Set HA2

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/interface/ha2

element: |

<ip-address>1.1.1.2</ip-address>

3.2:

- name: Configure Link Monitoring

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/group/monitoring/link-monitoring

element: |

<failure-condition>any</failure-condition>

- name: Configure Path Monitoring

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/group/monitoring/path-monitoring

element: |

<failure-condition>any</failure-condition>

3.3:

- name: Set passive-link-state auto

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/group/mode/active-passive

element: |

<passive-link-state>auto</passive-link-state>

- name: Disable Preemptive

panos_type_cmd:

provider: '{{ provider }}'

xpath: |

/config/devices/entry[@name='localhost.localdomain']

/deviceconfig/high-availability/group/election-option

element: |

Re: Validation Error for High availability

RomainSalmon — Thu, 25 Jul 2024 09:55:24 GMT

Hello,

Have you configured interfaces dedicated for HA1 and HA2 and the configuration dedicated to HA1?

topic Re: Validation Error for High availability in Next-Generation Firewall Discussions

Validation Error for High availability

Re: Validation Error for High availability