- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-08-2018 07:22 AM
Hi
I have Palo alto vm series 8.1.0 installed with Active/Active HA setup.
All the interfaces and vlans have come up and ableto access the zones hosts.
But the connection getting dropped very frequently. say like, if i try reaching any other zones it will be pinging for first 10 times, again i see lots of request timed out and it starts connecting fine
Tried suspecing one of the firewall looks like fixing the problem (but still not sure, luckily i didnt face anything during the time)
Could any one suggest anything else to be enable when we configure Active/Active HA setup? any zone protection profile incase? pleaes suggest.
thanks,
08-08-2018 09:53 AM
So first thing off the bat get off 8.1.0 and update both units to 8.1.2. If you are going to run the 8.1 code you'll want the latest maintenance release.
Why was Active/Active setup selected? When running a VM series I really wouldn't recommend running an Active/Active deployment.
In an Active/Active situation I wouldn't recommend using PING as a diagnosis tool. Open a connection to a server and verify that the SOS is working correctly and you aren't trying to pass the session between both A/A members. You may be introducing async routing and whatever host you are running this on might not be able to handle this type of setup.
There's quite a few setup steps you need to take to get Active/Active routing working in a VM enviroment and actually make sure that it works as expected. If you don't have Async routing already I would highly recommend dropping A/A.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!