https://live.paloaltonetworks.com/t5/panorama-discussions/tuning-panorama-ha-timers-to-stop-false-ha1-alerts-over-mpls/m-p/1248690#M3026 <P>Hello Community,</P> <P>I’m looking for some advice on tweaking our Panorama HA timers. We are seeing "false" failover alerts and want to ensure our plan to fix them is balanced correctly.</P> <P><BR />Setup:<BR />Two Panoramas in an Active/Passive HA pair located in different Data Centers.<BR />Communication is over a WAN MPLS link.<BR />These manage two sets of firewalls (one set at each site); both Panoramas can push policies to all firewalls.<BR /><BR /></P> <P>Issue<BR />Every 15 to 20 days, we get a sequence of HA alerts, though a full failover hasn't occurred yet. Support confirmed we are missing about 4 heartbeats due to transient jitter on our MPLS.</P> <P>The Alerts we receive (in order):<BR />Primary Panorama: HA1 connection down.<BR />Secondary Panorama: HA1 connection down.<BR />Secondary Panorama: "HA peer determined to be Active through managed devices; staying in Passive state."</P> <P>Even though it stays Passive, these alerts generate concern internally. We are currently using the standard "Recommended" timer settings, which seem a bit aggressive for our WAN. We want to move to Advanced settings to tweak the timers and stop these false alarms while maintaining a safe response time for a real failure.<BR /><BR /></P> <P>Planned Changes:<BR />Under Setup:<BR />Monitor Hold Time: Increase from 3000ms to 8000ms or 10000ms.&nbsp;<BR /><BR /></P> <P>Under HA Advanced Settings:<BR />Heartbeat Interval: Increase from 2000ms to 4000ms.<BR />Hello Interval: Increase from 8000ms to 12000ms.<BR />Additional Master Hold Up Time: Increase from 7000ms to 10000ms.&nbsp;<BR />Preemption Hold Time: Increase from 1 min to 2 min (or leave at 1 min?).</P> <P><BR />Under Path Monitoring:<BR />Path Monitoring: Currently enabled with Failure Condition: Any. Should we Disable this entirely since we do not have any Path Groups or IPs defined or is it fine to leave it enabled?</P> Fri, 20 Feb 2026 11:15:54 GMT kunaltupe05 2026-02-20T11:15:54Z https://live.paloaltonetworks.com/t5/panorama-discussions/tuning-panorama-ha-timers-to-stop-false-ha1-alerts-over-mpls/m-p/1248690#M3026 <P>Hello Community,</P> <P>I’m looking for some advice on tweaking our Panorama HA timers. We are seeing "false" failover alerts and want to ensure our plan to fix them is balanced correctly.</P> <P><BR />Setup:<BR />Two Panoramas in an Active/Passive HA pair located in different Data Centers.<BR />Communication is over a WAN MPLS link.<BR />These manage two sets of firewalls (one set at each site); both Panoramas can push policies to all firewalls.<BR /><BR /></P> <P>Issue<BR />Every 15 to 20 days, we get a sequence of HA alerts, though a full failover hasn't occurred yet. Support confirmed we are missing about 4 heartbeats due to transient jitter on our MPLS.</P> <P>The Alerts we receive (in order):<BR />Primary Panorama: HA1 connection down.<BR />Secondary Panorama: HA1 connection down.<BR />Secondary Panorama: "HA peer determined to be Active through managed devices; staying in Passive state."</P> <P>Even though it stays Passive, these alerts generate concern internally. We are currently using the standard "Recommended" timer settings, which seem a bit aggressive for our WAN. We want to move to Advanced settings to tweak the timers and stop these false alarms while maintaining a safe response time for a real failure.<BR /><BR /></P> <P>Planned Changes:<BR />Under Setup:<BR />Monitor Hold Time: Increase from 3000ms to 8000ms or 10000ms.&nbsp;<BR /><BR /></P> <P>Under HA Advanced Settings:<BR />Heartbeat Interval: Increase from 2000ms to 4000ms.<BR />Hello Interval: Increase from 8000ms to 12000ms.<BR />Additional Master Hold Up Time: Increase from 7000ms to 10000ms.&nbsp;<BR />Preemption Hold Time: Increase from 1 min to 2 min (or leave at 1 min?).</P> <P><BR />Under Path Monitoring:<BR />Path Monitoring: Currently enabled with Failure Condition: Any. Should we Disable this entirely since we do not have any Path Groups or IPs defined or is it fine to leave it enabled?</P> Fri, 20 Feb 2026 11:15:54 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/tuning-panorama-ha-timers-to-stop-false-ha1-alerts-over-mpls/m-p/1248690#M3026 kunaltupe05 2026-02-20T11:15:54Z