06-17-2021 04:54 PM
Describe the bug
Trying to configure active-passive HA for NGFW-VM on AWS, but got the error "ha1-backup unexpected here".
Expected behavior
The VM-Series NGFW on AWS is specially tailored, according to the admin guide 'https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-...
The HA1 port has to be the "management" interface. For the AWS routing table requirement, we have to do interface-moving HA; we can NOT do secondary-IP-based HA.
Current behavior
When configuring HA with HA1 without a backup, it got the error "ha1-backup unexpected here".
Possible solution
Since ha1-backup is not configured, the SDK should not try to configure ha1-backup by itself.
Steps to reproduce
The test code:
from panos.firewall import Firewall
from panos.ha import HA1, HA2, HighAvailability


def main():
    fw = Firewall('X.X.X.X', 'admin', '########')
    ha_config = HighAvailability(group_id=1, peer_ip="10.2.240.252", mode="active-passive", state_sync=True)
    ha1_int = HA1("10.2.240.236", "255.255.255.0", "management")  # HA1 on the management interface, no HA1 backup
    ha2_int = HA2("10.2.224.78", "255.255.255.0", "ethernet1/1")
    fw.add(ha_config).create()  # raises PanDeviceXapiError (test.py line 10 in the traceback)
    fw.add(ha1_int).create()
    fw.add(ha2_int).create()
    fw.commit(sync=True, exception=True)


if __name__ == "__main__":
    main()
Screenshots
(.venv) 16:00 % python test.py
Traceback (most recent call last):
  File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3661, in method
    super_method(self, *args, **kwargs)
  File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 741, in set
    self.__type_config('set', query, extra_qs)
  File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/pan/xapi.py", line 805, in __type_config
    raise PanXapiError(self.status_detail)
pan.xapi.PanXapiError: deviceconfig -> high-availability -> interface -> ha1-backup unexpected here
deviceconfig -> high-availability -> interface is invalid

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/jozhou/src/python/ansible/panos/test.py", line 17, in <module>
    main()
  File "/Users/jozhou/src/python/ansible/panos/test.py", line 10, in main
    fw.add(ha_config).create()
  File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 645, in create
    device.xapi.set(self.xpath_short(), element, retry_on_peer=self.HA_SYNC)
  File "/Users/jozhou/src/python/ansible/.venv/lib/python3.9/site-packages/panos/base.py", line 3682, in method
    raise the_exception
panos.errors.PanDeviceXapiError: deviceconfig -> high-availability -> interface -> ha1-backup unexpected here
deviceconfig -> high-availability -> interface is invalid
(.venv) 16:07 %
Context
NGFW-VM HA pair on AWS same AZ with interface moving of active-passive HA.
Your Environment
NGFW-VM on AWS