HA2 goes down when Enabling Session Synchronization

Reply
L0 Member

HA2 goes down when Enabling Session Synchronization

Hello Palo Alto Community,

I'm deploying a HA Pair of Palo Alto VM Serie (hosted on my infrastructure) and I'm being blocked by a situation I don't understand.

  • HA1 is UP and the two member can see each other. I'm using the management interface as HA1 interface for convenience purposes.
  • HA2 is ethernet1/2 which is on a Port-Group dedicated for HA2.

When "Enable Session Synchronization" on HA2 interface is disabled, the HA status is reporting that HA1 and HA2 is fine. Config sync is working, I can run failover tests without any issues.

When I activate "Enabling Session Synchronization" feature, the HA status is reporting that HA1 is UP but HA2 goes down and the slave stays stuck in "Initial (Waiting for state synchronization completion)". I don't understand why HA2 goes down as soon as "Enabling Session Synchronization" is enabled.

 

Do you have some ideas ?

Many thanks.

L4 Transporter

Re: HA2 goes down when Enabling Session Synchronization

What version of software are you running?

Are both FWs on the same Host, or did you put each FW in a different host?

Did you give HA2 an IP address with a /30 bit mask (not needed)

Did you confirm the tranport protocol matches (for if you did put in an IP than ip protocol, otherwise,ethernet would suffice)

If you have an IP on HA2 have attempted to ping from HA2 IP to slave HA2 IP, before enabling HA session sych?

 

Just some ideas.

 

The log I would take a look at would be less mp-log ha_agent.log
This should give you indication of what is happening in real time.

I would start from there, before getting into debugging the actual HA process.

 

 

 

Help the community: Like helpful comments and mark solutions
L0 Member

Re: HA2 goes down when Enabling Session Synchronization

I found the root cause: when the two VM are on two different ESXi host they can't ping each other. When they are on the same host everything works (i.e. they can ping each other and HA works fine). It's not related to my Palo Alto configuration.

 

I need to troubleshoot my Distributed Virtual Switch now.

 

Thank you for everything.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!