PA3220 HA Trigger Condition

L0 Member

PA3220 HA Trigger Condition

I have a pair of PA3220 firewalls in my environment. I configured Active/Passive for High Availability and I configured a Link Monitoring condition to trigger the failover. However, I still don't clearly understand the behavior of PA HA.

 

I configured a Link Monitoring Group on both firewalls as below:

- Name INSIDE

   - Condition ANY

         + Interfaces E1/1

         + Interfaces E1/2

I tried to disconnect E1/1 on PA01 and the failover triggered (active on PA02). Then I disconnected ports E1/1 and E1/2 on PA02. The active state is still on PA02 even though port E1/1 on PA01 is UP. I'm not sure, does PA compare the link status between HA?

L7 Applicator

Re: PA3220 HA Trigger Condition

Hello,

Where are the e1 and e2 interfaces in your diagram? Also, are all 4 of those devices firewalls? Just trying to get the bigger picture.

 

Regards,

Community Manager

Re: PA3220 HA Trigger Condition

Have you combined both interfaces in the same group (as the group will carry the same 'weight' if one interface is down or all of them)?

 

In your scenario, I think you'll need to create 2 groups, each with 1 interface.


Reaper out
L1 Bithead

Re: PA3220 HA Trigger Condition

Hi,

 

Can you elaborate on the scenario again, as it seems very confusing? Ideally this should not happen. Please re-check the configuration and priority on the PA02 link interface; a priority difference could be the reason for this.

 

You can also check HA logs to get the exact reason for this behavior of PA-HA.

 
