- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-21-2012 11:07 AM
HA active device
Upon initial configuration the device with the lowest priority, value close to zero, becomes the active unit (default priority is 100). If two devices have the same priority value, the device with the lowest MAC address of the HA1 link becomes the active unit.
Can someone give me real world example of when both FWs would have same priority, and why would they be configured as such.
Thanks
12-23-2012 05:43 AM
A couple of reasons I can think of:
1) Misconfiguration due to lack of knowledge?
2) Misconfiguration due to lack of reading the manual?
3) Copy-paste monster (you copy the config of one device to make it equal on another and woops, forgets to change the prioritys).
12-27-2012 11:18 AM
If you are not using the "Preempt" feature in Active/Passive HA then two devices having the same priority should be of no consequence.
02-01-2019 01:27 PM
Hello,
I always like to set on lower than the other so I dont fall into a split brain scenario.
Regards,
02-05-2019 08:25 AM - edited 02-05-2019 08:57 AM
This would only happen if it couldn't communicate with the secondary box correct? If you had device priority set differently, if you don't have preemption enabled, it's not going to make a difference--only the communication between the boxes is going to matter right? Help me understand this one, but with premption disabled, and device priority equal, as long as the boxes can communicate/interface monitor the correct interfaces, that preemption checkbox does not matter. Also, If you have preemption disabled, and priorities different, only if the boxes can't communicate between each other, your going to get a split brain. With preemption enabled, then it matters, as as soon as the lower numbered device comes back online, it's going to fail back over to that device. So, with device priority being equal, the HA1 mac comes into play. I'm thinking your saying that if they can't communicate over HA1 and lose connectivity, this could be a problem, even if heartbeat backup is enabled, as the systems can't read their MAC addresses and tell which is lower number---or maybe that flows through the heartbeat backup? Has anyone tested this with equal priorities, and loss of HA1 interface?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClE9CAK
02-05-2019 09:54 AM
i have testes with same priority 100
device with lower HA1 mac becomes active
02-05-2019 10:41 AM
Yes i can confirm this as well. But what happens if HA1 goes down, you have hearbeat backups enabled, and priority is the same?
02-05-2019 05:37 PM
i testesd with ha1 backup down and same priority.
i was trying to create split brain scenario.
02-06-2019 06:51 AM
what was your result?
02-07-2019 07:49 PM
Both PA become active active as HA1 and HA1 backup link was down.
02-08-2019 07:02 AM
This would still happen with different prioities though as well wouldn't it?
02-08-2019 07:19 AM
yes it will still happen with different priorities.
02-08-2019 07:35 AM
makes sense. so basically if you lose your ha1 or backup ha1 your stuck.
02-08-2019 09:14 AM
yes that's how it is
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!