Preventing Split-Brained Monster, HA Failure Technique Idea?

L2 Linker


I am trying to develop a technique to handle HA failure conditions, between two PA units, in an "Active/Passive" configuration.


What I want to try is to connect an HA1 link to an intermediate switch. By default, what I notice is that if I take down the link between the primary PA box and the L2 switch, the PA backup unit will then become "Active," and the PA primary unit will then become "Passive." That is good.


However, by default, if I reset to starting conditions, and then take down the link between the backup PA box and the L2 switch, both primary and backup PA units go into "Active" mode, and I enter a split-brained monster condition, which is NOT good. What I want to be able to do is configure the "Passive" unit to stay in the "Passive" state, if the physical link between the "Passive" unit and the L2 switch goes down.


Yes, I know there are drawbacks to this design. But if you can imagine the Layer 2 switch as really part of an MPLS infrastructure, with path protection, etc., it isn't as bad.


See my picture below. Any thoughts on how to do this?


Thanks. 

Clarke

(attached image: pa-test.png)

L7 Applicator

Re: Preventing Split-Brained Monster, HA Failure Technique Idea?

You'll want to configure HA1-backup using a different path:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-concepts/ha-links-and...


The backup will ensure the firewalls stay in HA even if the primary HA1 link is disrupted. Ideally you should connect the two firewalls directly on HA1, which would eliminate the switch link as a failure point.
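To make the reply's point concrete, here is an added example (not from this thread and not PAN-OS code) that models a passive HA peer's decision in the poster's second test, where only the passive unit's cable to the switch is pulled. The state names and the rule "no heartbeat on any control path, so assume the peer is down and go active" are simplifying assumptions of this model, not a description of PAN-OS internals.

```python
# Added illustrative model, not PAN-OS code. Assumption: a passive peer that
# hears its partner on at least one control path stays passive; one that hears
# nothing on every path cannot tell "peer died" from "my link died" and
# promotes itself, which is the split-brain the original post describes.
from dataclasses import dataclass, field


@dataclass
class Firewall:
    name: str
    state: str                                   # "active" or "passive"
    ha1_paths: dict = field(default_factory=dict)  # path name -> heartbeat ok?

    def peer_reachable(self) -> bool:
        # Any control path still carrying heartbeats means the peer is alive.
        return any(self.ha1_paths.values())

    def evaluate(self) -> str:
        # Only the passive unit changes state in this model; the active unit
        # keeps forwarding regardless of what it hears on HA1.
        if self.state == "passive" and not self.peer_reachable():
            self.state = "active"
        return self.state


def passive_link_cut(with_ha1_backup: bool) -> tuple:
    """Pull the passive unit's switch link; return (primary, backup) states."""
    paths = {"ha1-via-switch": True}
    if with_ha1_backup:
        # Constructed second path that does not traverse the switch.
        paths["ha1-backup-direct"] = True
    primary = Firewall("primary", "active", dict(paths))
    backup = Firewall("backup", "passive", dict(paths))
    # Cable between the backup unit and the L2 switch goes down: heartbeats
    # stop on that path for both peers, every other path is untouched.
    backup.ha1_paths["ha1-via-switch"] = False
    primary.ha1_paths["ha1-via-switch"] = False
    return primary.evaluate(), backup.evaluate()


def is_split_brain(states: tuple) -> bool:
    return all(s == "active" for s in states)


if __name__ == "__main__":
    for backup_present in (False, True):
        states = passive_link_cut(backup_present)
        print(f"ha1-backup={backup_present}: {states} "
              f"split-brain={is_split_brain(states)}")
```

Without the second path the model ends with both units active; with it, the passive unit still hears its peer and stays passive, which is the outcome the original post is after.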

L2 Linker

Re: Preventing Split-Brained Monster, HA Failure Technique Idea?

Unfortunately, tying the two firewalls directly together will not work with the current environment. The intermediate switch is what I need to connect the HA lines together, in this configuration.


I am more concerned about falling into a split-brained condition than I am about the intermediate switch failing.


But, thanks!


Clarke
