Configure HA1/HA2 command line

@rmfalconer 

Thank you, for the most part i think I got it:

configure
set network interface ethernet ethernet1/1 ha
set network interface ethernet ethernet1/2 ha

set deviceconfig high-availability enabled yes

set deviceconfig high-availability interface ha1 port ha1-a
set deviceconfig high-availability interface ha1 ip-address 192.168.6.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha1 port ha1-b
set deviceconfig high-availability interface ha1 ip-address 192.168.16.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/1
set deviceconfig high-availability interface ha2 ip-address 192.168.26.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/2
set deviceconfig high-availability interface ha2 ip-address 192.168.36.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability group group-id 1 peer-ip 192.168.6.45
set deviceconfig high-availability group group-id 1 peer-ip-backup 192.168.16.45
set deviceconfig high-availability group group-id 1 mode active-passive passive-link-state auto
set deviceconfig high-availability group group-id 1 election-option device-priority 100
set deviceconfig high-availability group group-id 1 election-option timers aggressive
set deviceconfig high-availability group group-id 1 state-synchronization enabled yes
set deviceconfig high-availability group group-id 1 state-synchronization transport ip

commit description "Configuring high availability"

My issue now is that when i try to commit I get the following:

Validation Error:
network -> virtual-wire -> default-vwire -> interface1 'ethernet1/1' is not a valid reference
network -> virtual-wire -> default-vwire -> interface1 is invalid
[edit]

And I'm stuck again........

There is a default-vwire that comes with new PAs that includes e1/1 and e1/2. Delete that vwire first then apply the config.

I can't figure out how to do that via the CLI.  Do you happen to know?

I can't find how to do that via the CLI, do you happen to know?

# delete network virtual-wire
<name> <name>

# delete network virtual-wire default-vwire

No object to delete in delete handler

I thought that was it, bit it isn't working.

You need quotes since there's a space in the name.

delete network virtual-wire "Default VWire"

@MrWonderful 

Normally you should see this from CLI

delete network virtual-wire
default default
<name> <name>

)# delete network virtual-wire default

[edit]

Where default is name of virtual wire.

In your case you need command  below

PA# delete network virtual-wire  "default-vwire"

Check the output of below command 

PA>show virtual-wire all

total virtual-wire shown : 0
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------

You should see none here if you have no virtual wire config in your PA.

Regards

Sorry, that didn't work.

admin# delete network virtual-wire "Default VWire"

No object to delete in delete handler

@MP18 @rmfalconer 

I do appreciate all that help.

admin> show virtual-wire all

total virtual-wire shown : 1
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------
default-vwire ethernet1/1 ethernet1/2 p

I did that before, so I know I have the name correct, but nothing will seem to let me delete this thing:

admin# delete network virtual-wire

Invalid syntax.
[edit]
admin# delete network virtual-wire
<name> <name>

admin# delete network virtual-wire default-vwire

No object to delete in delete handler

[edit]
admin# delete network virtual-wire "default-vwire"

No object to delete in delete handler

[edit]

whats the output of this command 

# delete network virtual-wire ?
<name> <name>

Just to confirm seems it is empty right?

Also you have super user right on the PA need to confirm that?

@MP18 

I'm logged on a super.

admin# delete network virtual-wire

Invalid syntax.
[edit]

That's what I get with that.  It should be, as i walk my way through the commands with a ? to see the options:

admin# delete network virtual-wire default-vwire

But this is the result of that:

No object to delete in delete handler

I know there is one because of this though:

admin> show virtual-wire all

total virtual-wire shown : 1
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------
default-vwire ethernet1/1 ethernet1/2 p

So, I don't get it.  I'm clearly missing something here.

The guide said to do this:

Step 3 (Optional) The firewall comes preconfigured with a default virtual wire interface between ports Ethernet 1/1
and Ethernet 1/2 (and a corresponding default security policy and zones). If you do not plan to use this virtual wire configuration, you must manually delete the configuration to prevent it from interfering with other interface settings you define.

You must delete the configuration in the following order:
1. To delete the default security policy, select Policies >
Security, select the rule, and click Delete.
2. To delete the default virtual wire, select Network > Virtual
Wires, select the virtual wire and click Delete.
3. To delete the default trust and untrust zones, select Network
> Zones, select each zone and click Delete.

Although I had to do step three before step two - and then it worked.