topic Re: BGP sessions reset or not - Active-Standby HA in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/bgp-sessions-reset-or-not-active-standby-ha/m-p/997405#M5196 <P>Hi Jase</P> <P>1. after a failover BGP needs to re-establish neighborship</P> <P>2. the RIB is not synced, the FIB is synced over HA1</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/reference-ha-synchronization" target="_blank">Reference: HA Synchronization</A></P> Tue, 10 Dec 2024 09:18:57 GMT reaper 2024-12-10T09:18:57Z BGP sessions reset or not - Active-Standby HA https://live.paloaltonetworks.com/t5/next-generation-firewall/bgp-sessions-reset-or-not-active-standby-ha/m-p/997115#M5186 <P>Hello All,&nbsp;</P><P>&nbsp;</P><P>I have a few BGP related questions regarding Palo Alto Network firewalls HA active-standby setup.</P><P>&nbsp;</P><P>Scenario:</P><P>* eBGP to internal/trust network</P><P>* static default route for WAN/untrust side</P><P>* floating IPs are used</P><P>&nbsp;</P><P>Qs:</P><P>1. During failover, is the the BGP session state re-established on the passive firewall?&nbsp;That is, the BGP session is not synced over HA1 (control plane) to the standby (new 'active').</P><P>&nbsp;</P><P><SPAN>2: I guess BGP routing table (RIB) is synced over HA1 and BGP graceful restart can help maintain the FIB (i.e. best routes are not withdrawn from FIB of standby firewall that is the new 'active') ? Please confirm.</SPAN></P><P>&nbsp;</P><P>Thanks in advance community.&nbsp;</P><P>&nbsp;</P><P>Jase</P> Sun, 08 Dec 2024 23:48:55 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/bgp-sessions-reset-or-not-active-standby-ha/m-p/997115#M5186 Retr0_Jase 2024-12-08T23:48:55Z Re: BGP sessions reset or not - Active-Standby HA https://live.paloaltonetworks.com/t5/next-generation-firewall/bgp-sessions-reset-or-not-active-standby-ha/m-p/997405#M5196 <P>Hi Jase</P> <P>1. after a failover BGP needs to re-establish neighborship</P> <P>2. the RIB is not synced, the FIB is synced over HA1</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/reference-ha-synchronization" target="_blank">Reference: HA Synchronization</A></P> Tue, 10 Dec 2024 09:18:57 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/bgp-sessions-reset-or-not-active-standby-ha/m-p/997405#M5196 reaper 2024-12-10T09:18:57Z