When two Palo Alto Networks firewalls are deployed in an active/passive cluster, it is mandatory to configure the device priority. The device priority decides which firewall will preferably take the active role and which will take the passive role when both firewalls boot up and become functional for the first time. However, there is an option called "Preemption" that influences this behavior depending on whether it is enabled or disabled.
When the Palo Alto Networks firewall cluster (Primary and Secondary) boots up for the first time, the device with the higher priority (lower numerical value) will take the active role and the device with the lower priority (higher numerical value) will take the passive role, regardless of whether the Preemption option is enabled or disabled. See the diagram below:
With Preemption Enabled
The Preemption option must be enabled on both Palo Alto Networks firewalls, as shown in the diagrams below.
If the primary firewall fails, then the secondary firewall will take the active role and start to forward the traffic.
When the primary firewall comes up, it will immediately resume the active role as it is the device with the higher priority (lower numerical value).
With Preemption Disabled
If the primary firewall fails, the secondary firewall will take the active role and start to forward the traffic.
When the primary firewall comes up, it will not resume the active role even though it has the higher priority setting. The device which is currently in the active role will remain the active firewall. In this case, the secondary firewall will remain in the active role.
The device priority and the Preemption option are configured under Device > High Availability > General > Election Settings, as shown below:
During the first boot, the lowest value (higher priority) will become active
During the first boot, the highest value (lower priority) will become passive
When Preemption is enabled and a device reboots, the device with the lowest value (higher priority) will become active
When Preemption is disabled and a device reboots, the device which was active earlier will keep the active role, regardless of the configured priority
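The election rules above, as an added model written for this article (not PAN-OS code): two peers with numeric priorities, first boot, a failure and a recovery, with the outcome depending on the Preemption setting. It assumes, per the requirement that Preemption be enabled on both peers, that preemption only takes effect when both peers have it enabled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Firewall:
    name: str
    priority: int       # lower numerical value = higher priority
    preemption: bool    # Device > High Availability > General > Election Settings
    role: str = "unknown"  # "active", "passive" or "down"


class HaPair:
    """Constructed model of the active/passive election described in the article."""

    def __init__(self, a: Firewall, b: Firewall) -> None:
        self.peers = [a, b]
        self.first_boot()

    @property
    def preemption_effective(self) -> bool:
        # Assumption: preemption only counts when enabled on both peers.
        return all(p.preemption for p in self.peers)

    def first_boot(self) -> None:
        # Regardless of Preemption, the lowest numeric priority becomes active.
        winner = min(self.peers, key=lambda p: p.priority)
        for p in self.peers:
            p.role = "active" if p is winner else "passive"

    def active(self) -> Optional[str]:
        return next((p.name for p in self.peers if p.role == "active"), None)

    def fail(self, name: str) -> Optional[str]:
        # The surviving peer takes the active role and starts forwarding traffic.
        for p in self.peers:
            p.role = "down" if p.name == name else "active"
        return self.active()

    def recover(self, name: str) -> Optional[str]:
        restored = next(p for p in self.peers if p.name == name)
        current = next(p for p in self.peers if p.role == "active")
        if self.preemption_effective and restored.priority < current.priority:
            current.role, restored.role = "passive", "active"  # preempts the peer
        else:
            restored.role = "passive"  # Preemption off: current active keeps the role
        return self.active()
```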