HA and Device Priority

L4 Transporter


HA active device

Upon initial configuration the device with the lowest priority, value close to zero, becomes the active unit (default priority is 100). If two devices have the same priority value, the device with the lowest MAC address of the HA1 link becomes the active unit.

Can someone give me a real-world example of when both FWs would have the same priority, and why would they be configured as such?

Thanks

L6 Presenter

A couple of reasons I can think of:

1) Misconfiguration due to lack of knowledge?

2) Misconfiguration due to lack of reading the manual?

3) Copy-paste monster (you copy the config of one device to make it equal on another and, whoops, forget to change the priorities).

L5 Sessionator

If you are not using the "Preempt" feature in Active/Passive HA then two devices having the same priority should be of no consequence.

L4 Transporter

this

Cyber Elite

Hello,

I always like to set one lower than the other so I don't fall into a split brain scenario.

Regards,

L4 Transporter

This would only happen if it couldn't communicate with the secondary box, correct? If you had device priority set differently, if you don't have preemption enabled, it's not going to make a difference--only the communication between the boxes is going to matter, right? Help me understand this one, but with preemption disabled, and device priority equal, as long as the boxes can communicate/interface monitor the correct interfaces, that preemption checkbox does not matter. Also, if you have preemption disabled, and priorities different, only if the boxes can't communicate between each other, you're going to get a split brain. With preemption enabled, then it matters, as soon as the lower numbered device comes back online, it's going to fail back over to that device. So, with device priority being equal, the HA1 MAC comes into play. I'm thinking you're saying that if they can't communicate over HA1 and lose connectivity, this could be a problem, even if heartbeat backup is enabled, as the systems can't read their MAC addresses and tell which is the lower number---or maybe that flows through the heartbeat backup? Has anyone tested this with equal priorities, and loss of HA1 interface?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClE9CAK

Cyber Elite

I have tested with the same priority 100.

The device with the lower HA1 MAC becomes active.

MP
L4 Transporter

Yes, I can confirm this as well. But what happens if HA1 goes down, you have heartbeat backups enabled, and priority is the same?

Cyber Elite

I tested with HA1 backup down and same priority.

I was trying to create a split brain scenario.

MP
L4 Transporter

What was your result?
