08-07-2023 11:04 PM
Hi everyone,
I have a problem about gre tunnel in HA (active/passive).
Currently, two PA-220 firewalls are configured as active-passive HA. (Settings are also synced between the two devices.)
If I configure and commit the gre tunnel on the active device, the gre tunnel is up on the active device while the config is synced to the HA device.
However, when the config sync was completed (configuration commit is completed) in the passive device, the active device's gre tunnel goes down and the passive device's gre tunnel goes up.
In the HA configuration, the link state of the passive device is set to shutdown, and the link is actually marked as down.
In addition, if I apply the source as the IP of the interface for (gre tunnel) in the cli and ping to the IP of the gre tunnel peer device, ping is possible only from the active device, and ping is not possible from the passive device.
I can't understand these symptoms. Has anyone experienced any of these symptoms?
If anyone knows a solution, please share.
Thank you.
08-08-2023 06:13 AM
Can you list the PAN-OS version that you are running. I recall seeing a similar issue mentioned in one of the various release notes, might be something to check on at the very least.
08-17-2023 06:24 PM
Thanks for your interest in my question.
The OS version I am currently using is 10.2.3.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
