topic AWS HA IP-Secondary Not Working in VM-Series in the Private Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/aws-ha-ip-secondary-not-working/m-p/1224428#M322 <P>Hi</P> <P>&nbsp;</P> <P>I am having issues with 2 Palo Alto's setup as an HA Pair using IP-Secondary failover, where the Secondary IP Address does not move between the two devices.</P> <P>&nbsp;</P> <P>I have found the following article which shows the error I am getting in the logs:-</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP8NCAW" target="_blank">PA-VM deployed in AWS does not move ENI’s to newly active unit ... - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>My Management Interfaces do not have Public IP Addresses for security reasons and so I am looking at resolution option 3:-</P> <P>&nbsp;</P> <P><SPAN>"Alternatively, VPC endpoints can be used to reach AWS service points if elastic IP assignment is not permitted."</SPAN></P> <P>&nbsp;</P> <P><SPAN>However there is no information provided as to how to set this up. I can create a VPC Endpoint but there are lots of services that I could select.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Anyone know how to resolve this?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks in advance.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Steve</SPAN></P> Fri, 21 Mar 2025 10:04:41 GMT S.Green424422 2025-03-21T10:04:41Z AWS HA IP-Secondary Not Working https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/aws-ha-ip-secondary-not-working/m-p/1224428#M322 <P>Hi</P> <P>&nbsp;</P> <P>I am having issues with 2 Palo Alto's setup as an HA Pair using IP-Secondary failover, where the Secondary IP Address does not move between the two devices.</P> <P>&nbsp;</P> <P>I have found the following article which shows the error I am getting in the logs:-</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP8NCAW" target="_blank">PA-VM deployed in AWS does not move ENI’s to newly active unit ... - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>My Management Interfaces do not have Public IP Addresses for security reasons and so I am looking at resolution option 3:-</P> <P>&nbsp;</P> <P><SPAN>"Alternatively, VPC endpoints can be used to reach AWS service points if elastic IP assignment is not permitted."</SPAN></P> <P>&nbsp;</P> <P><SPAN>However there is no information provided as to how to set this up. I can create a VPC Endpoint but there are lots of services that I could select.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Anyone know how to resolve this?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks in advance.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Steve</SPAN></P> Fri, 21 Mar 2025 10:04:41 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/aws-ha-ip-secondary-not-working/m-p/1224428#M322 S.Green424422 2025-03-21T10:04:41Z