- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-10-2014 01:40 PM
This is probably simple, but the documentation I can find is unclear, so I'm going to ask anyway. Better to ask and seem a fool than to act and remove all doubt!
I have a pair of PA's in HA configuration. Owing to an issue on the inside with internal switching, I need to be able to kick from the current "active" to the current "passive" to test something, and then back again.
So far, the only way I've found to do this is to reboot the "active" - not really palatable if something goes wrong, because they're only 2020's, and take 15 minutes to boot up to operational state.
Is there any way I can force the "passive" to go active without rebooting?
Thanks
02-10-2014 01:43 PM
On your primary/active firewall, go to the GUI, Device / High Availability / Operational Commands / Suspend local device.
02-10-2014 01:43 PM
On your primary/active firewall, go to the GUI, Device / High Availability / Operational Commands / Suspend local device.
02-10-2014 01:56 PM
Does that cause a failover, or just suspend the HA configuration? This is what I am a little concerned about - I don't want both devices going active.
Also, how do you re-enable it? Just do the same on the other device?
02-10-2014 02:09 PM
This will cause your primary device to suspend, which will cause your secondary device to come active.
Once you've suspended it, then the "suspend" link will change to "resume" (or something like that).
02-10-2014 05:38 PM
Hello Darren,
Just an addition piece of information:
If you have configured "Link and Path monitoring" into the HA config, You can unplug one of the monitoring interface from Primary node and it will trigger a failover to another node.
Thanks
02-11-2014 06:37 AM
The CLI commands for forcing failover and then returning to HA mode are:
admin@pafw2(active)> request high-availability state suspend
Successfully changed HA state to suspended
admin@pafw2(suspended)> request high-availability state functional
admin@pafw2(passive)
02-12-2014 05:43 PM
FredReimer wrote:
Hello Darren,
Just an addition piece of information:
If you have configured "Link and Path monitoring" into the HA config, You can unplug one of the monitoring interface from Primary node and it will trigger a failover to another node.
Thanks
Not so easy when the firewall is in a data centre 15 minutes walk from where I sit in my office. 🙂
02-12-2014 05:44 PM
holmesw wrote:
The CLI commands for forcing failover and then returning to HA mode are:
admin@pafw2(active)> request high-availability state suspend
Successfully changed HA state to suspended
admin@pafw2(suspended)> request high-availability state functional
admin@pafw2(passive)
I knew about the suspend command, I just wasn't sure if it meant suspend the HA state, or suspend the HA (and make both firewalls active).
I know now it's the former - and I've tested it this week, so I know it works. Makes troubleshooting the network issues way easier when I can just put the primary back online with two clicks!
Cheers and thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!