https://live.paloaltonetworks.com/t5/automation-api-discussions/pan-os-python-sdk-configure-ngfw-vm-ha-issue/m-p/414049#M2698 <P>Describe the bug</P><P>Trying to configure active-passive HA for NGFW-VM on AWS, but got error "ha1-backup unexpected here"</P><P>Expected behavior</P><P>The VM series NGFW on AWS is special tailored, according to the admin guide<SPAN>&nbsp;'</SPAN><A title="the admin guide" href="https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aws.html" target="_blank" rel="nofollow noopener">https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aws.html'</A></P><P>The HA1 port has to be the "management" interface, for the aws routing table requirement, we have to do interface moving HA, can NOT do secondary IP based.</P><P>Current behavior</P><P>When configure HA with HA1 without backup, it got error "ha1-backup unexpected here"</P><P>Possible solution</P><P>Since ha1-backup is not configured, the SDK should not try to configure ha1-backup by itself.</P><P>Steps to reproduce</P><P>The test code:</P><P>from panos.firewall import Firewall<BR />from panos.ha import HA1, HA2, HighAvailability</P><P>def main():<BR />fw = Firewall('X.X.X.X', 'admin', '########')<BR />ha_config = HighAvailability(group_id=1, peer_ip="10.2.240.252", mode="active-passive", state_sync=True)<BR />ha1_int = HA1("10.2.240.236", "255.255.255.0", "management")<BR />ha2_int = HA2("10.2.224.78", "255.255.255.0", "ethernet1/1")</P><P>fw.add(ha_config).create()<BR />fw.add(ha1_int).create()<BR />fw.add(ha2_int).create()</P><P>fw.commit(sync=True, exception=True)</P><P>if<SPAN>&nbsp;</SPAN><STRONG>name</STRONG><SPAN>&nbsp;</SPAN>== "<STRONG>main</STRONG>":<BR />main()</P><P>Screenshots</P><P>(.venv) 16:00 % python test.py<BR />Traceback (most recent call last):<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3661, in method<BR />super_method(self, *args, **kwargs)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 741, in set<BR />self.__type_config('set', query, extra_qs)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 805, in __type_config<BR />raise PanXapiError(self.status_detail)<BR />pan.xapi.PanXapiError: deviceconfig -&gt; high-availability -&gt; interface -&gt; ha1-backup unexpected here<BR />deviceconfig -&gt; high-availability -&gt; interface is invalid</P><P>During handling of the above exception, another exception occurred:</P><P>Traceback (most recent call last):<BR />File "/Users/jozhou/src/python/ansible/panos/test.py", line 17, in<BR />main()<BR />File "/Users/jozhou/src/python/ansible/panos/test.py", line 10, in main<BR />fw.add(ha_config).create()<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 645, in create<BR />device.xapi.set(self.xpath_short(), element, retry_on_peer=self.HA_SYNC)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3682, in method<BR />raise the_exception<BR />panos.errors.PanDeviceXapiError: deviceconfig -&gt; high-availability -&gt; interface -&gt; ha1-backup unexpected here<BR />deviceconfig -&gt; high-availability -&gt; interface is invalid<BR />(.venv) 16:07 %</P><P>Context</P><P>NGFW-VM HA pair on AWS same AZ with interface moving of active-passive HA.</P><P>Your Environment</P><P>NGFW-VM on AWS</P><UL><LI>Version used: 10.0.6</LI></UL> Thu, 17 Jun 2021 23:54:09 GMT JZhou4 2021-06-17T23:54:09Z https://live.paloaltonetworks.com/t5/automation-api-discussions/pan-os-python-sdk-configure-ngfw-vm-ha-issue/m-p/414049#M2698 <P>Describe the bug</P><P>Trying to configure active-passive HA for NGFW-VM on AWS, but got error "ha1-backup unexpected here"</P><P>Expected behavior</P><P>The VM series NGFW on AWS is special tailored, according to the admin guide<SPAN>&nbsp;'</SPAN><A title="the admin guide" href="https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aws.html" target="_blank" rel="nofollow noopener">https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aws.html'</A></P><P>The HA1 port has to be the "management" interface, for the aws routing table requirement, we have to do interface moving HA, can NOT do secondary IP based.</P><P>Current behavior</P><P>When configure HA with HA1 without backup, it got error "ha1-backup unexpected here"</P><P>Possible solution</P><P>Since ha1-backup is not configured, the SDK should not try to configure ha1-backup by itself.</P><P>Steps to reproduce</P><P>The test code:</P><P>from panos.firewall import Firewall<BR />from panos.ha import HA1, HA2, HighAvailability</P><P>def main():<BR />fw = Firewall('X.X.X.X', 'admin', '########')<BR />ha_config = HighAvailability(group_id=1, peer_ip="10.2.240.252", mode="active-passive", state_sync=True)<BR />ha1_int = HA1("10.2.240.236", "255.255.255.0", "management")<BR />ha2_int = HA2("10.2.224.78", "255.255.255.0", "ethernet1/1")</P><P>fw.add(ha_config).create()<BR />fw.add(ha1_int).create()<BR />fw.add(ha2_int).create()</P><P>fw.commit(sync=True, exception=True)</P><P>if<SPAN>&nbsp;</SPAN><STRONG>name</STRONG><SPAN>&nbsp;</SPAN>== "<STRONG>main</STRONG>":<BR />main()</P><P>Screenshots</P><P>(.venv) 16:00 % python test.py<BR />Traceback (most recent call last):<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3661, in method<BR />super_method(self, *args, **kwargs)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 741, in set<BR />self.__type_config('set', query, extra_qs)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 805, in __type_config<BR />raise PanXapiError(self.status_detail)<BR />pan.xapi.PanXapiError: deviceconfig -&gt; high-availability -&gt; interface -&gt; ha1-backup unexpected here<BR />deviceconfig -&gt; high-availability -&gt; interface is invalid</P><P>During handling of the above exception, another exception occurred:</P><P>Traceback (most recent call last):<BR />File "/Users/jozhou/src/python/ansible/panos/test.py", line 17, in<BR />main()<BR />File "/Users/jozhou/src/python/ansible/panos/test.py", line 10, in main<BR />fw.add(ha_config).create()<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 645, in create<BR />device.xapi.set(self.xpath_short(), element, retry_on_peer=self.HA_SYNC)<BR />File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3682, in method<BR />raise the_exception<BR />panos.errors.PanDeviceXapiError: deviceconfig -&gt; high-availability -&gt; interface -&gt; ha1-backup unexpected here<BR />deviceconfig -&gt; high-availability -&gt; interface is invalid<BR />(.venv) 16:07 %</P><P>Context</P><P>NGFW-VM HA pair on AWS same AZ with interface moving of active-passive HA.</P><P>Your Environment</P><P>NGFW-VM on AWS</P><UL><LI>Version used: 10.0.6</LI></UL> Thu, 17 Jun 2021 23:54:09 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/pan-os-python-sdk-configure-ngfw-vm-ha-issue/m-p/414049#M2698 JZhou4 2021-06-17T23:54:09Z